View Revisions: Issue #15672

Summary 15672: LimeSurvey 3.21.1 Cross Site Scripting
Revision 2020-05-04 09:43 by ollehar
Steps To Reproduce Instance 1: - (Stored Cross Site Scripting XSS vulnerabilities)

The attacker needs the appropriate permissions in order to create new Attributes.
Then create an Attribute with a JavaScript payload in the Drop-down fields, for example:

Visit configurations > central participant database > Attributes.
Now create new Attributes. For attribute type, select Drop-down list and click add. Now insert the XSS payload below into the field and click save. (Check first image below)

test<input><svg+"/onmouseover="confirm('AttDropdown');//"onload=onload>so5cx\\\"onmouseover=alert('AttDropdown');//><iframe/onmouseover=alert('AttDropdown')></iframe>//

Once saved, now click edit (see second image).

Once the edit window opens it will be noted that the IFRAME has been created. When the attribute is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser. See third image below.


Revision 2019-12-17 21:41 by misheljava
Steps To Reproduce Instance 1: - (Stored Cross Site Scripting XSS vulnerabilities)

The attacker needs the appropriate permissions in order to create new Attributes.
Then create an Attribute with a JavaScript payload in the Drop-down fields, for example:

Visit configurations > central participant database > Attributes.
Now create new Attributes. For attribute type, select Drop-down list and click add. Now insert the XSS payload below into the field and click save. (Check first image below)

test<input><svg+"/onmouseover="confirm('AttDropdown');//"onload=onload>so5cx\\\"onmouseover=alert('AttDropdown');//><iframe/onmouseover=alert('AttDropdown')></iframe>//

Once saved, now click edit (see second image).

Once the edit window opens it will be noted that the IFRAME has been created. When the attribute is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser. See third image below.
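
The rendering step these revisions describe (a stored drop-down value reappearing as markup in the edit window), as an added example that is not part of the report and not LimeSurvey's code. It assumes, hypothetically, that the value is written into a double-quoted `value` attribute; all function names are made up for illustration, and the sample input is the string from the report.

```javascript
// Added example; function names are hypothetical, not LimeSurvey code.
// Sample input: the stored drop-down value quoted in the report above.
const stored = String.raw`test<input><svg+"/onmouseover="confirm('AttDropdown');//"onload=onload>so5cx\\\"onmouseover=alert('AttDropdown');//><iframe/onmouseover=alert('AttDropdown')></iframe>//`;

const ENCODE = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const DECODE = { amp: '&', lt: '<', gt: '>', quot: '"', '#39': "'" };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENCODE[c]);
}

// Reverse of escapeHtml: what the browser shows after reading the attribute back.
function unescapeHtml(value) {
  return value.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => DECODE[name]);
}

// Assumed vulnerable pattern: stored value concatenated into the edit form.
function renderOptionUnsafe(value) {
  return '<input type="text" name="option" value="' + value + '">';
}

// Hardened pattern: value encoded for the quoted-attribute context on output.
function renderOptionSafe(value) {
  return '<input type="text" name="option" value="' + escapeHtml(value) + '">';
}

// A double-quoted attribute value ends at the first '"' after value=".
// Everything after that point is parsed as further attributes and markup.
function splitAtValueEnd(markup) {
  const start = markup.indexOf('value="') + 'value="'.length;
  const end = markup.indexOf('"', start);
  return { value: markup.slice(start, end), rest: markup.slice(end + 1) };
}

const unsafe = splitAtValueEnd(renderOptionUnsafe(stored));
const safe = splitAtValueEnd(renderOptionSafe(stored));

console.log('unsafe attribute value:', unsafe.value);
console.log('unsafe leftover contains <iframe:', unsafe.rest.includes('<iframe'));
console.log('safe leftover markup:', safe.rest);
console.log('safe value decodes to stored text:', unescapeHtml(safe.value) === stored);
```

With encoding applied at output, the editor still sees the original text in the field, but nothing from the stored value is parsed as an attribute or element.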