CVE-2024-56314

Name of the Vulnerable Software and Affected Versions REDCap versions prior to 15.0.0

Description A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.

Recommendations For versions prior to 15.0.0, update to version 15.0.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Project name field to minimize the risk of exploitation. Avoid using the name field in the Project settings until the issue is resolved.