Filtered by vendor Vanderbilt
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24004 | 1 Vanderbilt | 1 Redcap | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | |||||
| CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2022-06-24 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | |||||
| CVE-2020-26713 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session information or borrow user rights to perform unauthorized acts. | |||||
| CVE-2020-27358 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter in the request to the endpoint Messenger/messenger_download_csv.php?title=Hey&thread_id={THREAD_ID}. | |||||
| CVE-2019-17121 | 1 Vanderbilt | 1 Redcap | 2019-10-08 | 3.5 LOW | 5.4 MEDIUM |
| REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. | |||||
| CVE-2019-15127 | 1 Vanderbilt | 1 Redcap | 2019-08-23 | 3.5 LOW | 5.4 MEDIUM |
| REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. | |||||
| CVE-2019-13029 | 1 Vanderbilt | 1 Redcap | 2019-07-24 | 3.5 LOW | 4.8 MEDIUM |
| Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser. | |||||