CVE-2020-25797

MEDIUM WAF: High

CVSS 5.4 Published: 2020-12-31

CWE-79

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
limesurvey	limesurvey	3.21.1

References

bugs.limesurvey.org (Exploit, Vendor Advisory)
github.com (Patch, Vendor Advisory)

Back to CVE Database