CNNVD-202601-4759 Information

CNNVD ID

CNNVD-202601-4759

CVE-2020-36993

  • CNNVD Published: 2026-01-28

Description

LimeSurvey (PHPSurveyor) is an open-source online survey application from the LimeSurvey team that supports survey development, questionnaire publishing, and data collection. LimeSurvey (PHPSurveyor) version 4.3.10 contains a cross-site scripting vulnerability caused by insufficient input sanitization of the Surveymenu[title] and Surveymenu[parent_id] parameters in the admin panel's Survey Menu feature, which may lead to stored cross-site scripting attacks.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

LimeSurvey

Published

2026-01-28

Last Modified

2026-02-24

References

  • https://github.com/LimeSurvey/LimeSurvey/commit/3712854a8fd8d875c67640969a1d54c4d93d3676
  • https://www.exploit-db.com/exploits/48762
  • https://www.limesurvey.org
  • https://www.vulncheck.com/advisories/limesurvey-survey-menu-persistent-cross-site-scripting

Patch

https://github.com/LimeSurvey/LimeSurvey/tags
