WEB APPLICATION VULNERABILITIES Standard & Premium

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-25797)

Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

Related Vulnerabilities

Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)

WordPress Plugin WC Duplicate Order Unspecified Vulnerability (1.3)

Apache Tomcat version older than 7.0.30

PHP Other Vulnerability (CVE-2015-4603)

WordPress Plugin External Links-nofollow, noopener & new window Cross-Site Request Forgery (2.57)

Severity

Medium

Classification

CVE-2020-25797 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities