First published: Thu Dec 31 2020
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | =3.21.1 | |
The vulnerability ID is CVE-2020-25799.
The severity rating of CVE-2020-25799 is medium (5.4).
In LimeSurvey 3.21.1, the Quota component of the Survey page is affected by this XSS vulnerability.
When the survey quota is viewed, specifically by an administrative user, the JavaScript code is executed in the browser; this is how the XSS vulnerability is exploited.
More information about this vulnerability is available at the following references: [https://bugs.limesurvey.org/view.php?id=15681](https://bugs.limesurvey.org/view.php?id=15681) and [https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23](https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23).