CVE-2024-37396

Name of the Vulnerable Software and Affected Versions REDCap version 13.1.9

Description A stored cross-site scripting (XSS) issue in the Calendar function allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Notes field of a calendar event. This could lead to the execution of malicious scripts when the event is viewed.

Recommendations For REDCap version 13.1.9, update to version 14.2.1 or later to remediate this issue. As a temporary workaround, consider restricting access to the Calendar function or avoiding the use of the Notes field in calendar events until the update is applied.