CVE-2020-25797

MEDIUM5.4EPSS 0.26%

發布日:2024/3/6修改日:2025/4/3

描述

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.

受影響套件(1)

Bitnami/limesurvey>= 3.21.1, < 3.21.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

WEBhttps://bugs.limesurvey.org/view.php?id=15680
WEBhttps://github.com/LimeSurvey/LimeSurvey/commit/0a7bdfa1c166f734d11a1528c8d9a7d61b670ad7
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-25797