Vanderbilt » Redcap : Security Vulnerabilities, CVEs, Published In 2019

CVE-2019-17121

REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-10-04
Updated
2019-10-08

CVE-2019-15127

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
Max CVSS
5.4
EPSS Score
0.05%
Published
2019-08-21
Updated
2019-08-23

CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.
Max CVSS
7.5
EPSS Score
0.15%
Published
2019-08-17
Updated
2019-08-27

CVE-2019-13029

Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Max CVSS
4.8
EPSS Score
0.07%
Published
2019-07-11
Updated
2019-07-24
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close