VanderbiltRedcap

5 matches found

CVE
added 2024/12/22 9:15 p.m., 318 views

CVE-2024-56311

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This v...

CVSS 8.8, AI score 8.8, EPSS 0.00043

CVE
added 2024/12/22 9:15 p.m., 72 views

CVE-2024-56310

REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and te...

CVSS 8.8, AI score 8.8, EPSS 0.00043

CVE
added 2018/02/08 3:29 p.m., 41 views

CVE-2017-7351

A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.

CVSS 8.8, AI score 8.9, EPSS 0.00222

CVE
added 2025/01/10 10:15 p.m., 41 views

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once th...

CVSS 8.8, AI score 6.7, EPSS 0.00026

CVE
added 2017/07/18 2:29 p.m., 35 views

CVE-2017-10961

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.

CVSS 8.8, AI score 8.6, EPSS 0.00134