Unrated severityNVD Advisory· Published Dec 31, 2020· Updated Aug 4, 2024

CVE-2020-25797

Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Affected products

LimeSurvey/LimeSurveydescription
osv-coords
pkg:bitnami/limesurvey
Range: >= 3.21.1, < 3.21.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.limesurvey.org/view.phpmitrex_refsource_MISC
github.com/LimeSurvey/LimeSurvey/commit/0a7bdfa1c166f734d11a1528c8d9a7d61b670ad7mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000