Vulnerability Description
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vanderbilt | Redcap | >= 8.0, < 8.10.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153691/REDCap-Cross-Site-Scripting.html (Third Party Advisory, VDB Entry)
- https://github.com/WlX-33/PoC-for-CVE/blob/main/CVE-2019-13029/REDCap%20Cross%20
- https://gitlab.com/snippets/1874216 (Third Party Advisory)
FAQ
What is CVE-2019-13029?
CVE-2019-13029 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript ...
How severe is CVE-2019-13029?
CVE-2019-13029 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-13029?
Check the references section above for vendor advisories and patch information. Affected products include: Vanderbilt Redcap.