Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Remediation

References

CVE-2020-25799

Related Vulnerabilities

Vanilla Forums Other Vulnerability (CVE-2011-0910)

MediaWiki CVE-2023-29141 Vulnerability (CVE-2023-29141)

WordPress Plugin Dynamic Widgets 'id' Parameter Cross-Site Scripting (1.5.1)

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple Vulnerabilities (2.0.77)

Joomla! Core 1.7.0 Information Disclosure (1.7.0)

Severity

Medium

Classification

CVE-2020-25799 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities