LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-25797 - Vulnerability Database

LimeSurvey

LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-25797

Medium

Reference: CVE-2020-25797

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-25797

Title: LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited e.g. by an administrative user the JavaScript code will be executed in the browser.