Nixpkgs security tracker

Untriaged

Permalink CVE-2020-36993

6.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 2 months, 3 weeks ago

LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.

References

ExploitDB-48762 exploit
LimeSurvey Official Website product
LimeSurvey Patch Commit patchissue-tracking
VulnCheck Advisory: LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting third-party-advisory

Affected products

LimeSurvey

=<4.3.10

Matching in nixpkgs

pkgs.limesurvey

Open source survey application

nixos-unstable 6.10.2+250127
- nixpkgs-unstable 6.10.2+250127
- nixos-unstable-small 6.10.2+250127
nixos-25.11 6.15.14+250924
- nixpkgs-25.11-darwin 6.15.14+250924

Package maintainers

@offlinehacker Jaka Hudoklin <jaka@x-truder.net>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.limesurvey

Package maintainers