📦 REDCap
by Vanderbilt
⚠️ Known Vulnerabilities
A stored XSS vulnerability in REDCap's Missing Data Codes functionality allows attackers to inject malicious JavaScript that executes in users' browsers. This can lead to CSRF attacks that escalate pr...
CVE-2020-26712 is a critical SQL injection vulnerability in REDCap's ToDoList function that allows attackers to execute arbitrary SQL commands via the sort parameter. This affects REDCap 10.3.4 instal...
REDCap versions through 14.9.6 have a CSRF vulnerability in Project Dashboards that allows attackers to force user logout by tricking users into clicking malicious dashboard names. This affects all RE...
REDCap 14.3.13 has a username enumeration vulnerability where attackers can distinguish between valid and invalid usernames based on response time differences during login attempts. This affects all o...
This stored XSS vulnerability in REDCap allows authenticated users to inject malicious scripts into Project Dashboards via title and content fields. When other users view these dashboards, the scripts...
This stored XSS vulnerability in REDCap's Calendar function allows authenticated users to inject malicious scripts into calendar event notes. When other users view these events, the scripts execute in...
A reflected cross-site scripting (XSS) vulnerability in REDCap 14.9.6 allows attackers to inject malicious scripts via CSV files containing alert configurations. When victims upload these files and cl...
A stored cross-site scripting (XSS) vulnerability in REDCap 14.9.6 allows authenticated users to inject malicious scripts into survey field names. When recipients click on these field names while taki...
A stored cross-site scripting (XSS) vulnerability in REDCap 14.9.6's built-in messenger allows authenticated users to inject malicious scripts into message fields. When recipients click on these messa...
This stored XSS vulnerability in REDCap allows authenticated users to inject malicious scripts into project names. When other users click on these project names, the scripts execute in their browser c...
This stored XSS vulnerability in REDCap allows authenticated users to inject malicious scripts into Project Dashboard names. When other users click on these dashboard names, the scripts execute in the...