CVE-2020-36993

Medium CVSS: 5.1

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.

Vendor

Limesurvey

Product

Limesurvey

CWE

CWE-79

Yayın Tarihi

2026-01-28 13:15:52

Güncelleme

2026-02-02 16:16:14

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-79 Limesurvey MEDIUM Limesurvey 2026

Referanslar

https://github.com/LimeSurvey/LimeSurvey/commit/3712854a8fd8d875c67640969a1d54c4d93d3676 https://www.exploit-db.com/exploits/48762 https://www.limesurvey.org https://www.vulncheck.com/advisories/limesurvey-survey-menu-persistent-cross-site-scripting

Benzer Kayıtlar

High

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive informatio…

Critical

CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code o…

Medium

CVE-2025-41074

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly.…

Medium

CVE-2025-41075

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. Th…

Medium

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed ses…

Critical

CVE-2025-41375

SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, upd…