WEB APPLICATION VULNERABILITIES Standard & Premium

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25797)

Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

Related Vulnerabilities

phpMyAdmin Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-6631)

SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2022-22005)

phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)

WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33511)

Severity

Medium

Classification

CVE-2020-25797 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities