CVE-2020-25797

Опубликовано: 31 дек. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Ссылки

https://bugs.limesurvey.org/view.php?id=15680
Exploit
Vendor Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/0a7bdfa1c166f734d11a1528c8d9a7d61b670ad7
Patch
Vendor Advisory
https://bugs.limesurvey.org/view.php?id=15680
Exploit
Vendor Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/0a7bdfa1c166f734d11a1528c8d9a7d61b670ad7
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limesurvey:limesurvey:3.21.1:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00263

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-25797

CVSS3: 5.4

debian

около 5 лет назад

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add ...

GHSA-jfwm-3rx7-mcj8

github

больше 3 лет назад