CVE-2020-25797
Summary
| CVE | CVE-2020-25797 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-31 18:15:00 UTC |
| Updated | 2021-01-05 14:20:00 UTC |
| Description | LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants function (first and last name parameters). When the survey participant is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Limesurvey | Limesurvey | 3.21.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 15680: LimeSurvey 3.21.1 Cross Site Scripting Stored - LimeSurvey bugs and feature requests | MISC | bugs.limesurvey.org | Exploit, Vendor Advisory |
| Fixed issue #15680: LimeSurvey 3.21.1 Cross Site Scripting Stored · LimeSurvey/LimeSurvey@0a7bdfa · GitHub | MISC | github.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.