Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LimeSurvey 跨站脚本漏洞
Vulnerability Description
LimeSurvey(前称PHPSurveyor)是Limesurvey团队的一套开源的在线问卷调查程序,它支持调查程序开发、调查问卷发布以及数据收集等功能。 LimeSurvey v5.4.15版本存在跨站脚本漏洞,该漏洞源于其/index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts组件对Description或Welcome-message的文本字段的操作允许攻击者注入精心制作的有效载荷实现存储型跨站脚本导致执行任
CVSS Information
N/A
Vulnerability Type
N/A