CVE-2019-15127
Published 2019-08-21
CVE-2019-15127: REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
Priority P423, medium, 5.4 (CVSS 3.0)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.53% (40.8th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vanderbilt | redcap | < 9.3.0 | 9.3.0 |
CVSS provenance
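| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | | 9.8 | CRITICAL | |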
GHSA
GHSA-wqjr-9mp6-f95c: REDCap before 9
ghsa_unreviewed·2022-05-24
CVE-2019-15127 [MEDIUM] CWE-79 GHSA-wqjr-9mp6-f95c: REDCap before 9
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
OSV
italc vulnerabilities
osv·2020-09-28·CVSS 9.8
CVE-2019-15681 italc vulnerabilities
It was discovered that an information disclosure vulnerability existed in the
LibVNCServer vendored in iTALC when sending a ServerCutText message. An
attacker could possibly use this issue to expose sensitive information.
(CVE-2019-15681)
It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC
incorrectly handled certain packet lengths. A remote attacker could possibly
use this issue to obtain sensitive information, cause a denial of service, or
execute arbitrary code.
(CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022,
CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750,
CVE-2018-7225, CVE-2019-15681)
No detection rules found.
No public exploits indexed.