VYPR
Unrated severityOSV Advisory· Published Jan 28, 2026· Updated Mar 5, 2026

LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

CVE-2020-36993

Description

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Limesurvey/LimesurveyOSV2 versions
    1.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …+ 1 more
    • (no CPE)range: 1.45a, 1.45a_2007-02-24, 1.50_2007-08-06, …
    • (no CPE)range: <=4.3.10

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.