CVE-2020-25799
MEDIUM WAF: High
CVSS 5.4
Published: 2020-12-31
CWE-79
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| limesurvey | limesurvey | 3.21.1 |
References
- bugs.limesurvey.org (Exploit, Vendor Advisory)
- github.com (Patch, Vendor Advisory)