Cross Site Scripting Vulnerability in LimeSurvey by LimeSurvey
CVE-2024-28710

6.1MEDIUM

Key Information:

Vendor: Limesurvey
Status: Limesurvey
Vendor: CVE Published:; 7 October 2024

What is CVE-2024-28710?

A Cross Site Scripting vulnerability exists in LimeSurvey prior to version 6.5.0+240319, allowing remote attackers to execute arbitrary code due to insufficient input validation and output encoding in the Alert Widget's message component. This flaw may let malicious users inject script or HTML code, which could compromise user data and application integrity. It is crucial for administrators to update to the latest version to mitigate this risk and protect sensitive information.

References

http://limesurvey.com

https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2024

Limesurvey

What is CVE-2024-28710?

References

CVSS V3.1

Timeline