Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25797

Related Vulnerabilities

WordPress Plugin WHIZZ Cross-Site Scripting (1.0.7)

Apache HTTP Server Other Vulnerability (CVE-2003-0253)

OpenSSL Observable Discrepancy Vulnerability (CVE-2022-4304)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.7.01)

WordPress Plugin WordPress Download Manager Cross-Site Scripting (3.2.15)

Severity

Medium

Classification

CVE-2020-25797 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities