Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25799

Related Vulnerabilities

qdPM Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-3883)

WordPress Plugin Mailster-Email Newsletter for WordPress Cross-Site Scripting (2.4.5.1)

WordPress Plugin Lightbox Photo Gallery Cross-Site Request Forgery (1.0)

WordPress Plugin Booking Calendar Directory Traversal (7.0)

MySQL CVE-2015-4767 Vulnerability (CVE-2015-4767)

Severity

Medium

Classification

CVE-2020-25799 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities