CVE-2021-42112

CVE-2021-42112

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

GHSA-h9ph-jcgh-gf69

Cross-site Scripting in Limesurvey