First published: Tue May 24 2022(Updated: )
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | <=5.3.9 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-29710 is a cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below, which allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
CVE-2022-29710 allows attackers to execute arbitrary web scripts or HTML, posing a risk to the integrity and security of LimeSurvey.
CVE-2022-29710 has a severity rating of 6.1/10, which is considered medium.
LimeSurvey versions up to and including v5.3.9 are affected by CVE-2022-29710.
To fix the CVE-2022-29710 vulnerability, it is recommended to update LimeSurvey to a version higher than v5.3.9 by applying the patch provided by the vendor.