Cross-Site Scripting in LimeSurvey Quota Component by LimeSurvey
CVE-2020-25799

5.4MEDIUM

Key Information:

Vendor: Limesurvey
Status: Limesurvey
Vendor: CVE Published:; 31 December 2020

What is CVE-2020-25799?

LimeSurvey version 3.21.1 has a cross-site scripting vulnerability in the Quota component that affects the Survey page. This flaw allows an attacker to execute malicious JavaScript code in the browser of an administrative user while viewing survey quotas, potentially leading to unauthorized actions or data exposure. Users are advised to apply the latest updates to mitigate this risk.

References

https://bugs.limesurvey.org/view.php?id=15681

x_refsource_MISC

https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 31, 2020
Vulnerability Reserved
Sep 21, 2020

Limesurvey

What is CVE-2020-25799?

References

CVSS V3.1

Timeline