VYPR

REDCap

by REDCap

CVEs (9)

  • CVE-2017-10961HigJul 18, 2017
    risk 0.57cvss 8.8epss 0.01

    REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.

  • CVE-2017-10962MedJul 18, 2017
    risk 0.40cvss 6.1epss 0.01

    REDCap before 7.5.1 has XSS via the query string.

  • CVE-2013-4611Jun 17, 2013
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.

  • CVE-2013-4610Jun 17, 2013
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.

  • CVE-2013-4608Jun 17, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.

  • CVE-2012-6567Jun 17, 2013
    risk 0.00cvss epss 0.01

    REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule.

  • CVE-2012-6566Jun 17, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-6565Jun 17, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels.

  • CVE-2012-6564Jun 17, 2013
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.