A cross-site scripting vulnerability exists in versions of REDCap prior to 11.4.0, which stems from a lack of data validation filtering of user-supplied data and output in the missing data code functionality of the program. An attacker could exploit this vulnerability to execute JavaScript code on the client side.