Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-25799 - Vulnerability Database
LimeSurvey

LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-25799

Medium
Reference: CVE-2020-25799
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-25799
Title: LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed e.g. by an administrative user the JavaScript code will be executed in the browser.