CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25799

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 49.7%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://bugs.limesurvey.org/view.php?id=15681
https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23
https://bugs.limesurvey.org/view.php?id=15681
https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23

Products affected by CVE-2020-25799

Limesurvey » Limesurvey » Version: 3.21.1

cpe:2.3:a:limesurvey:limesurvey:3.21.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25799

Products

Pricing

Contact Us