Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25797

Related Vulnerabilities

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.12)

Oracle JRE CVE-2013-0443 Vulnerability (CVE-2013-0443)

Ruby Out-of-bounds Read Vulnerability (CVE-2022-28739)

Perl Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1487)

WordPress Plugin WP-SpamFree Anti-Spam Cross-Site Scripting (2.1.1.6)

Severity

Medium

Classification

CVE-2020-25797 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities