Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
VanderbiltRedcap

2 matches found

CVE
CVEadded 2019/08/17 5:15 p.m.230 views

CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.

7.5CVSS7.8AI score0.00482EPSS
CVE
CVEadded 2019/08/21 7:15 p.m.30 views

CVE-2019-15127

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.

5.4CVSS5.2AI score0.00343EPSS