First published: Wed Apr 01 2020
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limesurvey Limesurvey | <=4.1.11 | |
| Limesurvey Limesurvey | =4.1.12 | |
| Limesurvey Limesurvey | =4.1.12-200324 | |

The severity of CVE-2020-11456 is medium with a score of 5.4.
CVE-2020-11456 allows for stored XSS attacks in LimeSurvey before version 4.1.12+200324.
CVE-2020-11456 affects LimeSurvey versions up to and including 4.1.11, as well as versions 4.1.12 and 4.1.12-200324.
To fix CVE-2020-11456, update LimeSurvey to version 4.1.12+200324 or higher.
You can find more information about CVE-2020-11456 at the following references: [1] [2] [3].