Vulners
Lucene search
LimeSurvey Community 5.3.32 Cross Site Scripting
🗓️ 26 Mar 2024 00:00:00Reported by Subhankar SinghType 
packetstorm🔗 packetstormsecurity.com👁 269 Views
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | LimeSurvey Community 5.3.32 - Stored XSS Vulnerability | 27 Mar 202400:00 | – | zdt |
 | LimeSurvey 跨站脚本漏洞 | 26 Mar 202400:00 | – | cnnvd |
 | CVE-2024-24506 | 3 Apr 202400:00 | – | cve |
 | CVE-2024-24506 | 3 Apr 202400:00 | – | cvelist |
 | LimeSurvey Community 5.3.32 - Stored XSS | 25 Mar 202400:00 | – | exploitdb |
 | CVE-2024-24506 | 3 Apr 202407:15 | – | nvd |
 | LimeSurvey < 5.6.49-231212 XSS Vulnerability | 9 Apr 202400:00 | – | openvas |
 | PT-2024-20426 | 27 Mar 202400:00 | – | ptsecurity |
 | CVE-2024-24506 | 23 May 202510:07 | – | redhatcve |
 | CVE-2024-24506 | 3 Apr 202400:00 | – | vulnrichment |
10
`# Exploit Title: Stored Cross-Site Scripting (XSS) in LimeSurvey Community
Edition Version 5.3.32+220817
# Exploit Author: Subhankar Singh
# Date: 2024-02-03
# Vendor: LimeSurvey
# Software Link: https://community.limesurvey.org/releases/
# Version: LimeSurvey Community Edition Version 5.3.32+220817
# Tested on: Windows (Client)
# CVE: CVE-2024-24506
## Description:
A critical security vulnerability exists in LimeSurvey Community Edition
Version 5.3.32+220817, particularly in the "General Setting"
functionality's "Administrator email address:" field. This allows an
attacker to compromise the super-admin account, leading to potential theft
of cookies and session tokens.
## Background:
Cross-site scripting (XSS) is a common web security vulnerability that
compromises user interactions with a vulnerable application. Stored XSS
occurs when user input is stored in the application and executed whenever a
user triggers or visits the page.
## Issue:
LimeSurvey fails to properly validate user-supplied input on both client
and server sides, despite some protective measures. The "Administrator
email address:" field within the "General Setting" functionality permits
the insertion of special characters, enabling the injection of malicious
JavaScript payloads. These payloads are stored in the database and executed
when the user saves or reloads the page.
## Steps To Reproduce:
1. Log into the LimeSurvey application.
2. Navigate to the general settings.
3. Insert the following JavaScript payload in the "Administrator email
address:" field:
Payload: `[email protected]"><u>s</u><svg
onload=confirm(document.domain)>`
## Expected Result:
The LimeSurvey application should display an alert with the domain after
clicking save and reloading the page.
## Actual Result:
The LimeSurvey application is vulnerable to Stored Cross-Site Scripting, as
evidenced by the successful execution of the injected payload.
## Proof of Concept:
Attached Screenshots for the reference.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Mar 2024 00:00Current
7.2High risk
Vulners AI Score7.2
EPSS0.00366