Description

LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).

Remediation

References

CVE-2020-11456

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7834)

WordPress Plugin WP Statistics Multiple Cross-Site Scripting Vulnerabilities (2.2.4)

WordPress Plugin Contact Form Check Tester Cross-Site Scripting (1.0.2)

XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-41927)

Squid Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-19132)

Severity

Medium

Classification

CVE-2020-11456 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities