CVE-2020-25799

MEDIUM5.4EPSS 0.26%

Published: 3/6/2024Modified: 4/3/2025

Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Affected packages (1)

Bitnami/limesurvey>= 3.21.1, < 3.21.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (3)

WEBhttps://bugs.limesurvey.org/view.php?id=15681
WEBhttps://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-25799