Cross Site Scripting Vulnerability in LimeSurvey by LimeSurvey
CVE-2024-28709
6.1 MEDIUM
What is CVE-2024-28709?
A Cross Site Scripting (XSS) vulnerability in LimeSurvey prior to version 6.5.12+240611 permits remote attackers to execute arbitrary scripts. By inserting malicious code into the title and comment fields, an attacker can cause the application to serve that script to other users. A successful attack can lead to unauthorized access and data compromise, so affected installations should be updated to version 6.5.12+240611 or later.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published