4 matches found
EUVD-2024-53101
Malicious code in bioql PyPI...
PT-2024-36782 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions 14.9.6 through 15.0.0 Description: The issue is related to a security flaw in the Notes section of calendar events in REDCap, exposing users to a Cross-Site Request Forgery CSRF attack. An attacker can exploit this by luring...
CVE-2024-56310
CVE-2024-56310 affects REDCap up to 14.9.6 and up to 15.0.0, due to missing CSRF protections on the Logout functionality. An attacker can lure a user to click a Project Dashboards name containing a payload, triggering a logout and terminating the user session. Root cause: CSRF protection absent o...
CVE-2024-56311
REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery CSRF attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...