Vulnerabilites related to project-redcap - redcap
Vulnerability from fkie_nvd
Published
2013-06-17 11:38
Modified
2024-11-21 01:55
Severity ?
Summary
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.
References
cve@mitre.orghttp://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
af854a3a-2127-422b-91ae-364da2661108http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Impacted products
Vendor Product Version
project-redcap redcap 4.13.18
project-redcap redcap 4.14.5
project-redcap redcap 4.14.6
project-redcap redcap 4.15.0
project-redcap redcap 4.15.1
project-redcap redcap 4.15.2
project-redcap redcap 4.15.3
project-redcap redcap 4.15.4
project-redcap redcap 5.0.0
project-redcap redcap 5.0.1
project-redcap redcap 5.0.6
project-redcap redcap 5.1.0
project-redcap redcap 5.1.1
vanderbilt redcap *
vanderbilt redcap 4.14.0
vanderbilt redcap 4.14.1
vanderbilt redcap 4.14.2
vanderbilt redcap 4.14.3
vanderbilt redcap 4.14.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C92B2E-A9AF-43B4-B1E4-7A873AF1DEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E7E65-1147-4620-B31F-617D34822E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CED35E-7640-44D4-B5A4-EED2D0163C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C3C73D-1818-4DB7-A806-FC999EADE7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347F389-9331-4689-B52A-87ABFFF02141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B739D2A5-46DF-4CE8-9BAB-6BB94743D21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7969B764-47A6-4AC7-B18E-236FF25C6552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E48768-FDF1-4A54-8F0E-EC4732B55D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62B324D-6F70-41B8-B3AC-CDA6D4C3AB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7712A887-BB81-4FAE-9B76-FB9886BE41D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2AB13A-9C46-4F92-B0D4-96358CF0FDC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA90F46D-9A07-47ED-9A61-C82CBF823D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDCFE16-45B4-4ADA-AD2D-CBD7706A0C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B524B5-416A-4082-B36E-55F22F470AFE",
              "versionEndIncluding": "5.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D293B038-228E-42B6-BC99-9BDFCD8D562C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "789C86D0-A11F-4C40-950A-5A617AD7C23A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C366E672-CD77-4932-80D2-09A61B3B1A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7055FD2-C107-4D23-8B8C-28607C0C0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3242EC5F-0091-4097-9C6E-ADE5100017AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en la utilidad Data Search en los formularios de entrada de datos de REDCap anterior a v5.0.3 y v5.1.x anterior a v5.1.2 tiene un impacto y vectores de ataque desconocidos."
    }
  ],
  "id": "CVE-2013-4610",
  "lastModified": "2024-11-21T01:55:55.410",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-17T11:38:53.590",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-17 11:38
Modified
2024-11-21 01:55
Severity ?
Summary
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.
References
cve@mitre.orghttp://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
af854a3a-2127-422b-91ae-364da2661108http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Impacted products
Vendor Product Version
project-redcap redcap 4.13.18
project-redcap redcap 4.14.5
project-redcap redcap 4.14.6
project-redcap redcap 4.15.0
project-redcap redcap 4.15.1
project-redcap redcap 4.15.2
project-redcap redcap 4.15.3
project-redcap redcap 4.15.4
project-redcap redcap 5.0.0
project-redcap redcap 5.0.1
project-redcap redcap 5.0.2
project-redcap redcap 5.0.3
project-redcap redcap 5.0.4
project-redcap redcap 5.0.5
project-redcap redcap 5.0.6
vanderbilt redcap *
vanderbilt redcap 4.14.0
vanderbilt redcap 4.14.1
vanderbilt redcap 4.14.2
vanderbilt redcap 4.14.3
vanderbilt redcap 4.14.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C92B2E-A9AF-43B4-B1E4-7A873AF1DEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E7E65-1147-4620-B31F-617D34822E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CED35E-7640-44D4-B5A4-EED2D0163C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C3C73D-1818-4DB7-A806-FC999EADE7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347F389-9331-4689-B52A-87ABFFF02141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B739D2A5-46DF-4CE8-9BAB-6BB94743D21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7969B764-47A6-4AC7-B18E-236FF25C6552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E48768-FDF1-4A54-8F0E-EC4732B55D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62B324D-6F70-41B8-B3AC-CDA6D4C3AB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7712A887-BB81-4FAE-9B76-FB9886BE41D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "817D8D01-B8E1-4F86-9ACE-0CAF87DA13A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5241C18D-9714-4DEA-9552-55DD3FBE4613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "220E8227-7D41-48A9-9D61-BEB47EB19FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D82141E-A1F3-474C-86CE-C7409C4E445F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B2AB13A-9C46-4F92-B0D4-96358CF0FDC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C765A45C-FBBA-4AA0-97BB-9945A8456072",
              "versionEndIncluding": "5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D293B038-228E-42B6-BC99-9BDFCD8D562C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "789C86D0-A11F-4C40-950A-5A617AD7C23A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C366E672-CD77-4932-80D2-09A61B3B1A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7055FD2-C107-4D23-8B8C-28607C0C0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3242EC5F-0091-4097-9C6E-ADE5100017AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades no especificadas en REDCap anterior a v5.1.1 permite a atacantes remotos tener un impacto no determinado a trav\u00e9s de vectores que implican (1) la pagina de Online Designer o (2) la pagina de Manage Survey Participants."
    }
  ],
  "id": "CVE-2013-4611",
  "lastModified": "2024-11-21T01:55:55.550",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-17T11:38:53.613",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-17 11:38
Modified
2024-11-21 01:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.
References
cve@mitre.orghttp://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
af854a3a-2127-422b-91ae-364da2661108http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Impacted products
Vendor Product Version
project-redcap redcap 4.13.18
project-redcap redcap 4.14.5
project-redcap redcap 4.14.6
project-redcap redcap 4.15.0
project-redcap redcap 4.15.1
project-redcap redcap 4.15.2
project-redcap redcap 4.15.3
project-redcap redcap 4.15.4
project-redcap redcap 5.0.0
project-redcap redcap 5.0.1
project-redcap redcap 5.0.2
project-redcap redcap 5.0.3
project-redcap redcap 5.0.4
vanderbilt redcap *
vanderbilt redcap 4.14.0
vanderbilt redcap 4.14.1
vanderbilt redcap 4.14.2
vanderbilt redcap 4.14.3
vanderbilt redcap 4.14.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C92B2E-A9AF-43B4-B1E4-7A873AF1DEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E7E65-1147-4620-B31F-617D34822E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CED35E-7640-44D4-B5A4-EED2D0163C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C3C73D-1818-4DB7-A806-FC999EADE7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347F389-9331-4689-B52A-87ABFFF02141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B739D2A5-46DF-4CE8-9BAB-6BB94743D21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7969B764-47A6-4AC7-B18E-236FF25C6552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E48768-FDF1-4A54-8F0E-EC4732B55D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62B324D-6F70-41B8-B3AC-CDA6D4C3AB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7712A887-BB81-4FAE-9B76-FB9886BE41D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "817D8D01-B8E1-4F86-9ACE-0CAF87DA13A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5241C18D-9714-4DEA-9552-55DD3FBE4613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "220E8227-7D41-48A9-9D61-BEB47EB19FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "930C4C7A-A038-4045-AAA1-67E8B6CE7C12",
              "versionEndIncluding": "5.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D293B038-228E-42B6-BC99-9BDFCD8D562C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "789C86D0-A11F-4C40-950A-5A617AD7C23A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C366E672-CD77-4932-80D2-09A61B3B1A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7055FD2-C107-4D23-8B8C-28607C0C0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3242EC5F-0091-4097-9C6E-ADE5100017AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View \u0026 Descriptive Stats page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad Cross-site scripting (XSS) en REDCap anterior a v5.0.6 permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de vectores que involucran a el Graphical Data View y la pagina Descriptive Stats."
    }
  ],
  "id": "CVE-2013-4608",
  "lastModified": "2024-11-21T01:55:55.130",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-06-17T11:38:53.433",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-17 11:38
Modified
2024-11-21 01:55
Severity ?
Summary
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
References
cve@mitre.orghttp://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
af854a3a-2127-422b-91ae-364da2661108http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Impacted products
Vendor Product Version
project-redcap redcap 4.13.18
project-redcap redcap 4.14.5
project-redcap redcap 4.14.6
project-redcap redcap 4.15.0
project-redcap redcap 4.15.1
project-redcap redcap 4.15.2
project-redcap redcap 4.15.3
project-redcap redcap 4.15.4
project-redcap redcap 5.0.0
project-redcap redcap 5.0.1
project-redcap redcap 5.0.2
project-redcap redcap 5.1.0
project-redcap redcap 5.1.1
project-redcap redcap 5.1.2
vanderbilt redcap *
vanderbilt redcap 4.14.0
vanderbilt redcap 4.14.1
vanderbilt redcap 4.14.2
vanderbilt redcap 4.14.3
vanderbilt redcap 4.14.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C92B2E-A9AF-43B4-B1E4-7A873AF1DEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E7E65-1147-4620-B31F-617D34822E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CED35E-7640-44D4-B5A4-EED2D0163C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C3C73D-1818-4DB7-A806-FC999EADE7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347F389-9331-4689-B52A-87ABFFF02141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B739D2A5-46DF-4CE8-9BAB-6BB94743D21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7969B764-47A6-4AC7-B18E-236FF25C6552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E48768-FDF1-4A54-8F0E-EC4732B55D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62B324D-6F70-41B8-B3AC-CDA6D4C3AB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7712A887-BB81-4FAE-9B76-FB9886BE41D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "817D8D01-B8E1-4F86-9ACE-0CAF87DA13A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA90F46D-9A07-47ED-9A61-C82CBF823D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDCFE16-45B4-4ADA-AD2D-CBD7706A0C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A84CE53C-EFC2-4DAA-B3A5-E165F9AE56FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97C5D09-EDA5-4FDC-B93B-65A7BBE87395",
              "versionEndIncluding": "5.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D293B038-228E-42B6-BC99-9BDFCD8D562C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "789C86D0-A11F-4C40-950A-5A617AD7C23A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C366E672-CD77-4932-80D2-09A61B3B1A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7055FD2-C107-4D23-8B8C-28607C0C0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3242EC5F-0091-4097-9C6E-ADE5100017AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call."
    },
    {
      "lang": "es",
      "value": "REDCap anterior a v5.0.4 y v5.1.x anterior a v5.1.3 no rechaza cierta sintaxis no documentada dentro de la l\u00f3gica de bifurcaci\u00f3n y c\u00e1lculos, lo que permite a usuarios autenticados remotamente evitar las restricciones de acceso establecidas a trav\u00e9s de (1) el Online Designer o (2) el Data Dictionary Upload, como se demostr\u00f3 por una llamada eval."
    }
  ],
  "id": "CVE-2013-4609",
  "lastModified": "2024-11-21T01:55:55.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-17T11:38:53.570",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-17 11:38
Modified
2024-11-21 01:46
Severity ?
Summary
REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule.
References
cve@mitre.orghttp://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
af854a3a-2127-422b-91ae-364da2661108http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Impacted products
Vendor Product Version
project-redcap redcap *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C43F6F73-D89C-4C39-ADA7-270C0EE8154D",
              "versionEndIncluding": "4.13.18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule."
    },
    {
      "lang": "es",
      "value": "REDCap anterior a v4.14.0 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de metacaracteres de shell en la l\u00f3gica de una regla personalizada"
    }
  ],
  "id": "CVE-2012-6567",
  "lastModified": "2024-11-21T01:46:23.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-06-17T11:38:48.913",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2013-06-17 11:38
Modified
2024-11-21 01:55
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules.
References
cve@mitre.orghttp://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
af854a3a-2127-422b-91ae-364da2661108http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf
Impacted products
Vendor Product Version
project-redcap redcap 4.13.18
project-redcap redcap 4.14.5
project-redcap redcap 4.14.6
project-redcap redcap 4.15.0
project-redcap redcap 4.15.1
project-redcap redcap 4.15.2
project-redcap redcap 4.15.3
project-redcap redcap 4.15.4
project-redcap redcap 5.0.0
project-redcap redcap 5.0.1
project-redcap redcap 5.0.2
project-redcap redcap 5.0.3
project-redcap redcap 5.0.4
project-redcap redcap 5.0.5
vanderbilt redcap *
vanderbilt redcap 4.14.0
vanderbilt redcap 4.14.1
vanderbilt redcap 4.14.2
vanderbilt redcap 4.14.3
vanderbilt redcap 4.14.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.13.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "58C92B2E-A9AF-43B4-B1E4-7A873AF1DEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E7E65-1147-4620-B31F-617D34822E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CED35E-7640-44D4-B5A4-EED2D0163C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61C3C73D-1818-4DB7-A806-FC999EADE7E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8347F389-9331-4689-B52A-87ABFFF02141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B739D2A5-46DF-4CE8-9BAB-6BB94743D21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7969B764-47A6-4AC7-B18E-236FF25C6552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:4.15.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E48768-FDF1-4A54-8F0E-EC4732B55D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62B324D-6F70-41B8-B3AC-CDA6D4C3AB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7712A887-BB81-4FAE-9B76-FB9886BE41D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "817D8D01-B8E1-4F86-9ACE-0CAF87DA13A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5241C18D-9714-4DEA-9552-55DD3FBE4613",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "220E8227-7D41-48A9-9D61-BEB47EB19FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:project-redcap:redcap:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D82141E-A1F3-474C-86CE-C7409C4E445F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D2498A-677C-41B3-8966-0DC701401F88",
              "versionEndIncluding": "5.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D293B038-228E-42B6-BC99-9BDFCD8D562C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "789C86D0-A11F-4C40-950A-5A617AD7C23A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C366E672-CD77-4932-80D2-09A61B3B1A8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7055FD2-C107-4D23-8B8C-28607C0C0ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vanderbilt:redcap:4.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3242EC5F-0091-4097-9C6E-ADE5100017AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en REDCap anterior a v5.1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados implicando diferentes m\u00f3dulos."
    }
  ],
  "id": "CVE-2013-4612",
  "lastModified": "2024-11-21T01:55:55.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-06-17T11:38:53.637",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-4609
Vulnerability from cvelistv5
Published
2013-06-17 10:00
Modified
2024-09-17 01:05
Severity ?
Summary
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
References
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdfx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:26.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-17T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4609",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
              "refsource": "CONFIRM",
              "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4609",
    "datePublished": "2013-06-17T10:00:00Z",
    "dateReserved": "2013-06-17T00:00:00Z",
    "dateUpdated": "2024-09-17T01:05:49.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4612
Vulnerability from cvelistv5
Published
2013-06-17 10:00
Modified
2024-09-17 00:20
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules.
References
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdfx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:26.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-17T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4612",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
              "refsource": "CONFIRM",
              "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4612",
    "datePublished": "2013-06-17T10:00:00Z",
    "dateReserved": "2013-06-17T00:00:00Z",
    "dateUpdated": "2024-09-17T00:20:53.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4610
Vulnerability from cvelistv5
Published
2013-06-17 10:00
Modified
2024-09-17 00:21
Severity ?
Summary
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors.
References
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdfx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:26.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-17T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4610",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
              "refsource": "CONFIRM",
              "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4610",
    "datePublished": "2013-06-17T10:00:00Z",
    "dateReserved": "2013-06-17T00:00:00Z",
    "dateUpdated": "2024-09-17T00:21:36.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-6567
Vulnerability from cvelistv5
Published
2013-06-17 10:00
Modified
2024-09-16 17:37
Severity ?
Summary
REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule.
References
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdfx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:36:00.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-17T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6567",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
              "refsource": "CONFIRM",
              "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-6567",
    "datePublished": "2013-06-17T10:00:00Z",
    "dateReserved": "2013-06-17T00:00:00Z",
    "dateUpdated": "2024-09-16T17:37:37.151Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4611
Vulnerability from cvelistv5
Published
2013-06-17 10:00
Modified
2024-09-17 04:19
Severity ?
Summary
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page.
References
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdfx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:26.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-17T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
              "refsource": "CONFIRM",
              "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4611",
    "datePublished": "2013-06-17T10:00:00Z",
    "dateReserved": "2013-06-17T00:00:00Z",
    "dateUpdated": "2024-09-17T04:19:21.749Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2013-4608
Vulnerability from cvelistv5
Published
2013-06-17 10:00
Modified
2024-09-16 19:24
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.
References
http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdfx_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:26.545Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View \u0026 Descriptive Stats page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-06-17T10:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4608",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View \u0026 Descriptive Stats page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
              "refsource": "CONFIRM",
              "url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4608",
    "datePublished": "2013-06-17T10:00:00Z",
    "dateReserved": "2013-06-17T00:00:00Z",
    "dateUpdated": "2024-09-16T19:24:10.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}