REDCap
by REDCap
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-10961 | | High | 0.57 | 8.8 | 0.01 | | Jul 18, 2017 | REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. |
| CVE-2017-10962 | | Medium | 0.40 | 6.1 | 0.01 | | Jul 18, 2017 | REDCap before 7.5.1 has XSS via the query string. |
| CVE-2013-4611 | | | 0.00 | — | 0.03 | | Jun 17, 2013 | Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page. |
| CVE-2013-4610 | | | 0.00 | — | 0.02 | | Jun 17, 2013 | Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors. |
| CVE-2013-4608 | | | 0.00 | — | 0.01 | | Jun 17, 2013 | Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page. |
| CVE-2012-6567 | | | 0.00 | — | 0.01 | | Jun 17, 2013 | REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule. |
| CVE-2012-6566 | | | 0.00 | — | 0.01 | | Jun 17, 2013 | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-6565 | | | 0.00 | — | 0.01 | | Jun 17, 2013 | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels. |
| CVE-2012-6564 | | | 0.00 | — | 0.01 | | Jun 17, 2013 | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |