CVE-2020-25797
MEDIUM
LimeSurvey 3.21.1 - Stored Cross-Site Scripting in Add Participants Function
Title source: llm
Description
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_misc
https://bugs.limesurvey.org/view.php?id=15680
Patch, Vendor Advisory x_refsource_misc
https://github.com/LimeSurvey/LimeSurvey/commit/0a7bdfa1c166f734d11a1528c8d9a7d61b670ad7
Scores
CVSS v3
5.4
EPSS
0.0070
EPSS Percentile
48.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
limesurvey/limesurvey
3.21.1
Published
Dec 31, 2020
Tracked Since
Feb 18, 2026