CVE-2020-25799

MEDIUM5.4EPSS 0.26%

發布日:2024/3/6修改日:2025/4/3

描述

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

受影響套件(1)

Bitnami/limesurvey>= 3.21.1, < 3.21.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

WEBhttps://bugs.limesurvey.org/view.php?id=15681
WEBhttps://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2020-25799