Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25799

Related Vulnerabilities

WordPress Plugin Cookie Notification for WordPress-WP Cookie User Info includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

WordPress Plugin Catch Breadcrumb Security Bypass (1.6)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Cross-Site Scripting (7.1.0)

WordPress Plugin Frontend File Manager Multiple Vulnerabilities (21.2)

WordPress Plugin Snow Monkey Forms Directory Traversal (5.1.1)

Severity

Medium

Classification

CVE-2020-25799 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities