Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25797

Related Vulnerabilities

YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)

Magento Cryptographic Issues Vulnerability (CVE-2019-7855)

Drupal Other Vulnerability (CVE-2006-5476)

WordPress Plugin BuddyPress Multiple Cross-Site Request Forgery Vulnerabilities (2.8.1)

WordPress Plugin All 404 Redirect to Homepage Cross-Site Scripting (1.20)

Severity

Medium

Classification

CVE-2020-25797 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities