Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-24506. PoCs published by Subhankar Singh.
AI-analyzed exploit summary: This is a writeup describing a stored XSS vulnerability in LimeSurvey Community Edition Version 5.3.32+220817. The vulnerability allows an attacker to inject malicious JavaScript payloads into the 'Administrator email address' field, which are then executed when the page is saved or reloaded.
Description
Cross-site scripting (XSS) vulnerability in LimeSurvey Community Edition Version v.5.3.32+220817 allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.
Exploits (1)
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N