View Revisions: Issue #15672

Summary 15672: LimeSurvey 3.21.1 Cross Site Scripting
Revision 2020-05-04 09:43 by ollehar
Description # Title: LimeSurvey 3.21.1 Cross Site Scripting (XSS) Stored
# Date: 16/12/2019
# Author: Guram Javakhishvili
# Vendor Homepage: https://www.limesurvey.org/
# Software : LimeSurvey 3.21.1
# Product Version: 3.21.1
# Vulnerability Type : Injection
# Vulnerability : Cross Site Scripting (XSS) Stored

LimeSurvey latest version 3.21.1 & LimeSurvey development version 4.0.0 suffer from reflective and persistent (Stored) cross site scripting and HTML injection vulnerabilities.

Insufficient validation of user input on the authenticated part of the LimeSurvey application exposes the application to persistent cross site scripting (XSS) vulnerabilities.
These vulnerabilities enable potentially dangerous input from the user to be accepted by the application and then embedded back in the HTML response of the page returned by the web server.
Revision 2019-12-17 21:41 by misheljava
Description # Title: LimeSurvey 3.21.1 Cross Site Scripting (XSS) Stored
# Date: 16/12/2019
# Author: Guram Javakhishvili
# Vendor Homepage: https://www.limesurvey.org/
# Software : LimeSurvey 3.21.1
# Product Version: 3.21.1
# Vulnerability Type : Injection
# Vulnerability : Cross Site Scripting (XSS) Stored

LimeSurvey latest version 3.21.1 & LimeSurvey development version 4.0.0 suffer from reflective and persistent (Stored) cross site scripting and HTML injection vulnerabilities.

Insufficient validation of user input on the authenticated part of the LimeSurvey application exposes the application to persistent cross site scripting (XSS) vulnerabilities.
These vulnerabilities enable potentially dangerous input from the user to be accepted by the application and then embedded back in the HTML response of the page returned by the web server.