View Issue Details

IDProjectCategoryView StatusLast Update
17028Bug reportsSurvey editingpublic2021-01-29 09:56
ReporterDenisChenu Assigned To 
Status confirmedResolutionopen 
Product Version4.4.0 
Summary17028: Script are not saved
DescriptionEven as super admin : sript on question are not saved
Steps To ReproduceLog in as super admin,
Edit question
Show script,
add `alert("XSS")` in script part
Save and close: no saved
Additional InformationRemind :
- Script must be readonly for some user (XSS+Disable question script)
- User with XSS+Disable question script can not update script (with hacking HTML)
TagsNo tags attached.
Complete LimeSurvey version number (& build)4.4.0 github
I will donate to the project if issue is resolvedNo
Browsernot relevant
Database & DB-Versionnot relevant
Server OS (if known)not relevant
Webserver software & version (if known)not relevant
PHP Versionnot relevant


related to 17027 closedollehar Bug reports Personal settings " Show script field: " to no throw error 
related to 15693 closedDenisChenu Feature requests Allow simple user to update script with XSS enable 
related to 17008 closedDenisChenu Bug reports Bad label and id in Question editor 




2021-01-29 09:07


Peek 29-01-2021 09-06.gif (968,196 bytes)


2021-01-29 09:52

manager   ~61802

Weird. The fix got lost. Thx for report


2021-01-29 09:55

developer   ~61803

Can you check with dev to merge before …

(same place)

Issue History

Date Modified Username Field Change
2021-01-29 09:07 DenisChenu New Issue
2021-01-29 09:07 DenisChenu File Added: Peek 29-01-2021 09-06.gif
2021-01-29 09:07 DenisChenu Relationship added related to 17027
2021-01-29 09:08 DenisChenu Relationship added related to 15693
2021-01-29 09:52 cdorin Note Added: 61802
2021-01-29 09:52 cdorin Priority none => normal
2021-01-29 09:52 cdorin Status new => confirmed
2021-01-29 09:55 DenisChenu Note Added: 61803
2021-01-29 09:56 DenisChenu Relationship added related to 17008