Lucene search
K

9 matches found

CVE
CVE
added 2019/10/04 2:29 a.m.158 views

CVE-2019-17121

CVE-2019-17121 affects REDCap prior to 9.3.4 and involves an XSS vulnerability on the "Customize & Manage Locking/E-signatures" page triggered through Lock Record Custom Text values. The description in the sources confirms the issue but does not provide details on root cause, affected modules bey...

5.4CVSS5.3AI score0.00618EPSS
CVE
CVE
added 2022/04/13 3:32 p.m.90 views

CVE-2021-42136

Summary: CVE-2021-42136 is a stored XSS in REDCap’s Missing Data Codes functionality present in versions before 11.4.0. The vulnerability allows an attacker to store JavaScript as a Missing Data Code value, which is then executed in the victim’s browser and can be leveraged to perform a Cross-Sit...

9CVSS8.4AI score0.04657EPSS
Web
CVE
CVE
added 2025/06/10 12:0 a.m.65 views

CVE-2024-37396

REDCap 13.1.9 is affected by a stored XSS in the Calendar component (Notes field). authenticated users can inject scripted HTML that is executed when the calendar event is viewed. The issue is caused by improper handling of input in the calendar event notes, leading to script execution in the con...

5.4CVSS5.4AI score0.00409EPSS
CVE
CVE
added 2025/06/10 12:0 a.m.64 views

CVE-2024-37395

REDCap 13.1.9.x stores XSS in the Public Survey page: authenticated users can inject scripts via the Survey Title and Survey Instructions. The vulnerability triggers when the survey is accessed via its public link. Remediation is to update to 14.2.1 or later (per the CVE description). The connect...

5.4CVSS5.3AI score0.00409EPSS
CVE
CVE
added 2022/10/12 12:0 a.m.59 views

CVE-2022-42715

Affected software: REDCap (prior to 12.04.18). Vulnerability: Reflected XSS in the Alerts & Notifications upload feature. A crafted CSV file can cause arbitrary JavaScript execution in the user’s browser. Root cause / scope: Unclear from provided docs beyond the XSS result via CSV upload; the iss...

6.1CVSS6.2AI score0.00698EPSS
CVE
CVE
added 2023/07/25 12:0 a.m.58 views

CVE-2023-37361

CVE-2023-37361 affects REDCap versions 12.0.26 LTS and 12.3.2 Standard. The vulnerability is a SQL injection coming from specific parameters (scheduling, repeatforms, purpose, app_title, randomization) used in various function points, potentially enabling unauthorized data access or manipulation ...

2.7CVSS5.2AI score0.00513EPSS
CVE
CVE
added 2025/06/10 12:0 a.m.54 views

CVE-2024-37394

CVE-2024-37394 (REDCap) : A stored XSS in REDCap 13.1.9 affects the Project Dashboards, allowing authenticated users to inject payloads into the Dashboard title and content. Exploitation leads to execution of malicious scripts when the dashboard is viewed. Red Hat CVE records mirror this issue fo...

5.4CVSS5.7AI score0.00409EPSS
CVE
CVE
added 2024/03/06 12:0 a.m.47 views

CVE-2023-38825

Summary: CVE-2023-38825 is a SQL injection vulnerability in Vanderbilt REDCap prior to v13.8.0, exposed via the MyCapMobileApp/update.php password-reset endpoint. Affected software: Vanderbilt REDCap (pre-13.8.0). Root cause/impact: improper input handling in the password-reset path allows a remo...

9.8CVSS7.4AI score0.00952EPSS
Web
CVE
CVE
added 2019/08/21 6:14 p.m.42 views

CVE-2019-15127

CVE-2019-15127 affects REDCap prior to 9.3.0. The issue is an XSS vulnerability on the Data Import Tool page, exploitable by a CSV data import file and affecting non-administrator accounts. The description in public records does not specify the underlying root cause or CVE exploit vectors beyond ...

5.4CVSS5.2AI score0.00531EPSS