Vanderbilt REDCap 4.14.4 Security Vulnerabilities

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
CVSS Score: 2.7; EPSS Score: 0.001; Published: 2023-07-25

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2022-10-12

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.
CVSS Score: 9.0; EPSS Score: 0.018; Published: 2022-04-13

REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2019-10-04

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2019-08-21

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
CVSS Score: 8.8; EPSS Score: 0.001; Published: 2017-07-18

REDCap before 7.5.1 has XSS via the query string.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2017-07-18

Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.
CVSS Score: 4.3; EPSS Score: 0.002; Published: 2013-06-17

REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
CVSS Score: 6.5; EPSS Score: 0.002; Published: 2013-06-17

Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.
CVSS Score: 10.0; EPSS Score: 0.003; Published: 2013-06-17