Vanderbilt Redcap

41 CVEs affecting Vanderbilt Redcap. Latest disclosed: 2026-01-02. Critical: 2, High: 5.

Top CVEs affecting Vanderbilt Redcap
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-26712 | Critical | 9.8 | 2021-01-12 | REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information… |
| CVE-2021-42136 | Critical | 9.0 | 2022-04-13 | A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript… |
| CVE-2024-56311 | High | 8.8 | 2024-12-22 | REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker ca… |
| CVE-2024-56310 | High | 8.8 | 2024-12-22 | REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit… |
| CVE-2017-7351 | High | 8.8 | 2018-02-08 | A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload. |
| CVE-2017-10961 | High | 8.8 | 2017-07-18 | REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. |
| CVE-2019-14937 | High | 7.5 | 2019-08-17 | REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_po… |
| CVE-2023-38825 | Medium | 6.5 | 2024-03-21 | SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in M… |
| CVE-2025-23112 | Medium | 6.1 | 2025-01-10 | An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Sur… |
| CVE-2025-23110 | Medium | 6.1 | 2025-01-10 | An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of… |
| CVE-2024-45527 | Medium | 6.1 | 2024-09-02 | REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also… |
| CVE-2022-42715 | Medium | 6.1 | 2022-10-12 | A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger ar… |
| CVE-2020-26713 | Medium | 6.1 | 2021-01-12 | REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the r… |
| CVE-2017-10962 | Medium | 6.1 | 2017-07-18 | REDCap before 7.5.1 has XSS via the query string. |
| CVE-2024-37396 | Medium | 5.4 | 2025-06-10 | A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML… |
| CVE-2024-37395 | Medium | 5.4 | 2025-06-10 | A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or… |
| CVE-2024-37394 | Medium | 5.4 | 2025-06-10 | A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML… |
| CVE-2024-56377 | Medium | 5.4 | 2025-01-09 | A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Titl… |
| CVE-2024-56376 | Medium | 5.4 | 2025-01-09 | A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the me… |
| CVE-2024-56314 | Medium | 5.4 | 2024-12-22 | A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the… |