Description
A stored cross-site scripting (XSS) vulnerability in LimeSurvey 3.21.1 and earlier allows authenticated users with the correct permissions to inject arbitrary web script or HTML via the ParticipantAttributeNamesDropdown parameter of the Attributes on the central participant database page. When the survey attribute is edited or viewed, e.g. by an administrative user, the injected JavaScript code is executed in that user's browser.
Remediation
References