CVE-2020-25799 Information

Description

LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is viewed, e.g. by an administrative user, the JavaScript code is executed in the browser.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/LimeSurvey/LimeSurvey/commit/a5f317817da4577d9ff457fea9c96482b3d1df23

https://bugs.limesurvey.org/view.php?id=15681

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

Base Score

5.4

Base Severity

MEDIUM
