CVE-2020-25799

Опубликовано: 31 дек. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Ссылки

https://bugs.limesurvey.org/view.php?id=15681
Exploit
Vendor Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23
Patch
Vendor Advisory
https://bugs.limesurvey.org/view.php?id=15681
Exploit
Vendor Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limesurvey:limesurvey:3.21.1:*:*:*:*:*:*:*

EPSS

Процентиль: 49%

0.00263

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2020-25799

CVSS3: 5.4

debian

около 5 лет назад

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quo ...

GHSA-8q5h-q6w3-hpf3

github

больше 3 лет назад