CVE-2021-42112

Опубликовано: 08 окт. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

Ссылки

https://bugs.limesurvey.org/view.php?id=17562
Permissions Required
https://github.com/LimeSurvey/LimeSurvey/commit/d56619a50cfd191bbffd0adb660638a5e438070d
Patch
Third Party Advisory
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_limesurvey_-_cve-2021-42112.pdf
Exploit
Third Party Advisory
https://bugs.limesurvey.org/view.php?id=17562
Permissions Required
https://github.com/LimeSurvey/LimeSurvey/commit/d56619a50cfd191bbffd0adb660638a5e438070d
Patch
Third Party Advisory
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_limesurvey_-_cve-2021-42112.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.27.18 (включая)

EPSS

Процентиль: 68%

0.00576

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2021-42112

CVSS3: 6.1

debian

больше 4 лет назад

The "File upload question" functionality in LimeSurvey 3.x-LTS through ...

GHSA-h9ph-jcgh-gf69

CVSS3: 6.1

github

больше 4 лет назад

Cross-site Scripting in Limesurvey

EPSS

Процентиль: 68%

0.00576

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79