
We found results for “”
WS-2023-0226
Good to know:

Date: June 9, 2023
Stored XSS in Survey Groups Function in limesurvey/limesurvey
Language: JS
Severity Score
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix

Upgrade Version
Upgrade to version limesurvey/limesurvey - 4.0.0-alpha+181212;limesurvey/limesurvey - dev-on-update-values-v4;limesurvey/limesurvey - dev-fix-tests;limesurvey/limesurvey - 4.2.0+200422;limesurvey/limesurvey - 3.17.0+190402;limesurvey/limesurvey - dev-scrutinizer-patch-2;limesurvey/limesurvey - dev-fix-16939-merge-mistake;limesurvey/limesurvey - dev-display-import-errors-master
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | LOW |
Availability (A): | NONE |