PT-2025-24892 · Redcap · Redcap

Published 2025-06-10 · Updated 2025-06-10 · CVE-2024-37394

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

REDCap versions 13.1.9

Description

A stored cross-site scripting (XSS) issue in the Project Dashboards allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Dashboard title and Dashboard content text boxes. This can lead to the execution of malicious scripts when the dashboard is viewed.

Recommendations

For REDCap version 13.1.9, update to version 14.2.1 or later to mitigate this issue. As a temporary workaround, consider restricting access to the Project Dashboards feature until the update is applied. Avoid using the Dashboard title and Dashboard content text boxes for any untrusted input until the issue is resolved.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-37394

Affected Products

Redcap