Описание
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
Ссылки
- Patch
- ExploitThird Party AdvisoryVDB Entry
- Product
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 4.3.10 (включая)
cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.0005
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
10 дней назад
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability ...
CVSS3: 6.4
github
10 дней назад
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
EPSS
Процентиль: 15%
0.0005
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79