Redcap Security Vulnerabilities and Issues — Redcap CVE List

Lucene search

VanderbiltRedcap

4 matches found

CVE•added 2022/04/13 4:15 p.m.•77 views

CVE-2021-42136

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request ...

9CVSS8.4AI score0.01758EPSS

CVE•added 2022/06/15 7:15 p.m.•60 views

CVE-2022-24004

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the bro...

5.4CVSS5.1AI score0.00265EPSS

CVE•added 2022/06/15 7:15 p.m.•44 views

CVE-2022-24127

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payl...

5.4CVSS5.2AI score0.00158EPSS

CVE•added 2022/10/12 1:15 p.m.•42 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.

6.1CVSS6.2AI score0.00169EPSS