PRIOn knowledge base: PRION:CVE-2022-48010
History: Jan 27, 2023 - 6:15 p.m.

Cross site scripting

2023-01-27 18:15:00
PRIOn knowledge base
www.prio-n.com
limesurvey v5.4.15
cross-site scripting
stored vulnerability
arbitrary web scripts

EPSS: 0.001 (Low)
Percentile: 21.4%

LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.

CPE Name     Operator   Version
limesurvey   eq         5.4.15

