Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25797

Related Vulnerabilities

WordPress Plugin Startklar Elementor Addons Arbitrary File Upload (1.7.13)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-6532)

MySQL CVE-2017-3649 Vulnerability (CVE-2017-3649)

WordPress Plugin Launcher:Coming Soon & Maintenance Mode Cross-Site Scripting (1.0.10)

Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-21514)

Severity

Medium

Classification

CVE-2020-25797 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities