Mohit Kalsi

**Name of the Vulnerable Software and Affected Versions** Vanderbilt REDCap version 13.1.35 **Description** A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the `project title` parameter. This enables attackers to potentially manipulate the web application's behavior. **Recommendations** For Vanderbilt REDCap version 13.1.35, as a temporary workaround, consider restricting the input for the `project title` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.