CVE-2020-25799
Summary
| CVE | CVE-2020-25799 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-31 18:15:00 UTC |
| Updated | 2021-01-05 13:40:00 UTC |
| Description | LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Limesurvey | Limesurvey | 3.21.1 | All | All | All |
| Application | Limesurvey | Limesurvey | 3.21.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 15681: LimeSurvey 3.21.1 Cross Site Scripting Stored - LimeSurvey bugs and feature requests | MISC | bugs.limesurvey.org | Exploit, Vendor Advisory |
| Fixed issue #15681: LimeSurvey 3.21.1 Cross Site Scripting Stored · LimeSurvey/LimeSurvey@a5f3178 · GitHub | MISC | github.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.