Description
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
Remediation
References
Related Vulnerabilities
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2022-22005)
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)
WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33511)