First published: Fri Jan 27 2023
** DISPUTED ** LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | =5.4.15 | |
The vulnerability ID for this LimeSurvey vulnerability is CVE-2022-48010.
The severity level of CVE-2022-48010 is medium (5.4).
CVE-2022-48010 is a stored cross-site scripting (XSS) vulnerability in LimeSurvey v5.4.15.
An attacker can exploit CVE-2022-48010 by injecting a crafted payload into the Description or Welcome-message text fields, which results in the execution of arbitrary web scripts or HTML.
There is no information available about a fix for CVE-2022-48010 at this time.