CVE-2024-24506

MEDIUM

Lime Survey CE <v.5.3.32+220817 - XSS

Title source: llm

Description

Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.

Exploits (1)

exploitdb WRITEUP

by Subhankar Singh · textwebappsphp

https://www.exploit-db.com/exploits/51926

View Code ZIP pw:eip

References (2)

[Broken Link] https://bugs.limesurvey.org/bug_relationship_graph.php?bug_id=19364&graph=relation

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/51926

Scores

CVSS v3 6.1

EPSS 0.0037

EPSS Percentile 58.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

limesurvey/limesurvey 5.3.32 220817

Published Apr 03, 2024

Tracked Since Feb 18, 2026