Lucene search

Veracode Vulnerability DatabaseVERACODE:44321

HistoryNov 20, 2023 - 6:52 a.m.

Cross-Site Scripting(XSS)

2023-11-2006:52:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

limesurvey

xss

vulnerability

_generaloptions_panel.php

privilege escalation

injection

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

LimeSurvey is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused due to a lack of sanitization in _generaloptions_panel.php. This could allow an attacker to escalate privileges by injecting malicious scripts.

CPENameOperatorVersion
limesurvey/limesurveyle2018012401.x-dev
limesurvey/limesurveyle2018012401.x-dev

CPE	Name	Operator	Version
	limesurvey/limesurvey	le	2018012401.x-dev
	limesurvey/limesurvey	le	2018012401.x-dev

References

github.com/Hebing123/CVE-2023-44796/issues/1

github.com/Hebing123/cve/issues/4

github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe

github.com/LimeSurvey/LimeSurvey/pull/3483