Moderate severityNVD Advisory· Published Oct 7, 2024· Updated Mar 25, 2025
CVE-2024-28710
CVE-2024-28710
Description
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
limesurvey/limesurveyPackagist | < 6.5.0 | 6.5.0 |
Affected products
3- osv-coords2 versions
< 6.5.0+ 1 more
- (no CPE)range: < 6.5.0
- (no CPE)range: < 6.5.0
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.