Vulnerability Details CVE-2019-13029
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/153691/REDCap-Cross-Site-Scripting.html
- https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2019-13029/REDCap%20Cross%20Site%20Scripting.txt
- https://gitlab.com/snippets/1874216
- http://packetstormsecurity.com/files/153691/REDCap-Cross-Site-Scripting.html
- https://gitlab.com/snippets/1874216
Products affected by CVE-2019-13029
-
cpe:2.3:a:vanderbilt:redcap:8.0
-
cpe:2.3:a:vanderbilt:redcap:8.10.0
-
cpe:2.3:a:vanderbilt:redcap:8.10.1
-
cpe:2.3:a:vanderbilt:redcap:8.6.0
-
cpe:2.3:a:vanderbilt:redcap:8.6.1
-
cpe:2.3:a:vanderbilt:redcap:8.6.2
-
cpe:2.3:a:vanderbilt:redcap:8.6.3
-
cpe:2.3:a:vanderbilt:redcap:8.6.4
-
cpe:2.3:a:vanderbilt:redcap:8.6.5
-
cpe:2.3:a:vanderbilt:redcap:8.7.0
-
cpe:2.3:a:vanderbilt:redcap:8.7.1
-
cpe:2.3:a:vanderbilt:redcap:8.7.2
-
cpe:2.3:a:vanderbilt:redcap:8.7.3
-
cpe:2.3:a:vanderbilt:redcap:8.7.4
-
cpe:2.3:a:vanderbilt:redcap:8.8.0
-
cpe:2.3:a:vanderbilt:redcap:8.8.1
-
cpe:2.3:a:vanderbilt:redcap:8.8.2
-
cpe:2.3:a:vanderbilt:redcap:8.9.0
-
cpe:2.3:a:vanderbilt:redcap:8.9.1
-
cpe:2.3:a:vanderbilt:redcap:8.9.2
-
cpe:2.3:a:vanderbilt:redcap:8.9.3
-
cpe:2.3:a:vanderbilt:redcap:9.0
-
cpe:2.3:a:vanderbilt:redcap:9.1