{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T23:06:43.222","vulnerabilities":[{"cve":{"id":"CVE-2024-37394","sourceIdentifier":"cve@mitre.org","published":"2025-06-10T18:15:29.527","lastModified":"2025-06-16T15:17:46.390","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious scripts when the dashboard is viewed. Users are recommended to update to version 14.2.1 or later to mitigate this vulnerability."},{"lang":"es","value":"Una vulnerabilidad de cross site scripting (XSS) almacenado en los paneles de control del proyecto REDCap 13.1.9 permite a los usuarios autenticados ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los cuadros de texto \"Título del panel\" y \"Contenido del panel\". Esto puede provocar la ejecución de scripts maliciosos al acceder al panel. Se recomienda a los usuarios actualizar a la versión 14.2.1 o posterior para mitigar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*","versionEndExcluding":"14.2.1","matchCriteriaId":"1142BA00-A7E2-4FC5-8BA8-C39BAB119DA8"}]}]}],"references":[{"url":"https://www.evms.edu/research/resources_services/redcap/redcap_change_log/","source":"cve@mitre.org","tags":["Release Notes"]},{"url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-cross-site-scripting-xss-vulnerabilities-in-redcap-cve-2024-37394-cve-2024-37395-and-cve-2024-37396/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-003_XSS_REDCap_1.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-cross-site-scripting-xss-vulnerabilities-in-redcap-cve-2024-37394-cve-2024-37395-and-cve-2024-37396/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}