Vanderbilt: community verdicts
2 notable / known-exploited Vanderbilt CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Vanderbilt CVE, see NVD ↗.
- CVE-2023-37798MED 5.4EPSS 0%
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
- CVE-2024-55374MED 5.3EPSS 0%
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.