Lucene search
MitreCVE-2023-37798HistorySep 07, 2023 - 7:15 p.m.
CVE-2023-37798
2023-09-0719:15:47
CWE-79
mitre
web.nvd.nist.gov
14
cve
37798
stored xss
vanderbilt redcap
vulnerability
web scripts
html
nvd
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.7%
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
Affected configurations
Node
vanderbiltredcapRange≤13.1.35
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vanderbilt | redcap | * | cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2023-37798
2023-09-07 19:15:47
prion
prion
Cross site scripting
2023-09-07 19:15:00
cvelist
cvelist
CVE-2023-37798
2023-09-07 00:00:00
vulnrichment
vulnrichment
CVE-2023-37798
2023-09-07 00:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
29.7%
Related for CVE-2023-37798