XSS Vulnerability in LimeSurvey Product by LimeSurvey
CVE-2021-42112

6.1MEDIUM

Key Information:

Vendor

Limesurvey

Status
Limesurvey
Vendor
CVE Published:
8 October 2021

What is CVE-2021-42112?

The 'File upload question' feature in LimeSurvey versions 3.x-LTS up to 3.27.18 is vulnerable to Cross-Site Scripting (XSS). This vulnerability arises from improper handling of user-supplied input in the assets/scripts/modaldialog.js and assets/scripts/uploader.js files. Exploitation of this flaw could allow an attacker to inject malicious scripts, which may compromise the integrity of the web application and potentially lead to unauthorized access or data theft. It is critical for administrators using affected versions to apply necessary updates or patches to mitigate the risk.

References

https://bugs.limesurvey.org/view.php?id=17562
x_refsource_MISC
https://github.com/LimeSurvey/LimeSurvey/commit/d56619a50...
x_refsource_MISC
https://www.on-x.com/sites/default/files/on-x_-_security_...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.