CVE-2019-13029
low-risk
Published 2019-07-11
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Do I need to act?
-
0.33% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (5)
Third Party Advisory
http://packetstormsecurity.com/files/153691/REDCap-Cross-Site-Scripting.html
Third Party Advisory
https://gitlab.com/snippets/1874216
Third Party Advisory
http://packetstormsecurity.com/files/153691/REDCap-Cross-Site-Scripting.html
Third Party Advisory
https://gitlab.com/snippets/1874216
25
/ 100
low-risk
Severity
19/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal