Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25799

Related Vulnerabilities

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.0.2)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34170)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35611)

WordPress Plugin WordPress Custom Settings Cross-Site Scripting (1.0)

WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3)

Severity

Medium

Classification

CVE-2020-25799 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities