LimeSurvey is vulnerable to cross-site scripting (XSS). An authenticated users with correct permissions is able to inject and execute malicious script via the parameter ParticipantAttributeNamesDropdown
of the Attributes on the central participant database page.
CPE | Name | Operator | Version |
---|---|---|---|
limesurvey/limesurvey | le | 3.21.2+191216 |