Vulnerability Description
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limesurvey | Limesurvey | 3.21.1 |
Related Weaknesses (CWE)
References
- https://bugs.limesurvey.org/view.php?id=15681 (Exploit, Vendor Advisory)
- https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482 (Patch, Vendor Advisory)
FAQ
What is CVE-2020-25799?
CVE-2020-25799 is a vulnerability with a CVSS score of 5.4 (MEDIUM). LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is viewed, e.g. by an administrative user, the JavaScript code will be e...
How severe is CVE-2020-25799?
CVE-2020-25799 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-25799?
Check the references section above for vendor advisories and patch information. Affected products include: Limesurvey Limesurvey.