CVE-2023-37798

Name of the Vulnerable Software and Affected Versions Vanderbilt REDCap version 13.1.35

Description A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. This enables attackers to potentially manipulate the web application's behavior.

Recommendations For Vanderbilt REDCap version 13.1.35, as a temporary workaround, consider restricting the input for the project title parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.