LimeSurvey 6.2.9-230925 has a storage based XSS vulnerability caused by importManifest in limesurvey/limesurvey
Description
A regular user with "theme" privileges can maliciously set the "templatename" during the importManifest process, leading to a stored Cross-Site Scripting (XSS) vulnerability.
Proof of Concept
The first step is to create a user with only 'theme' permission.
Log in as this user and make a request to /index.php/themeOptions/importManifest.
Payload: "><script>alert(1)</script>//
Request:
When administrators or other users access http://192.168.160.130/index.php/themeOptions, they will be subjected to storage-based XSS attacks.
Impact
Attackers can import a templatename containing a payload to execute JavaScript code and hijack the administrator’s cookie.
tiborpacalat marked this as fixed in 6.2.9+230925 with commit 135511 2 months ago
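The two defensive layers this class of bug calls for, validation of the theme name at import and encoding at output, shown against the payload string from the report. This is an added illustration, not LimeSurvey's code or the actual fix; the function names, the allow-list pattern, the hidden-input markup and the sample theme name are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not a LimeSurvey function): accept only conservative
// theme names at import time, before anything is written to storage.
// The pattern is an assumed policy, not the project's own rule.
function isValidThemeName(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) === 1;
}

// Hypothetical helper: encode a stored value for an HTML attribute or text
// node. ENT_QUOTES encodes both quote styles, so the value cannot close the
// attribute it is placed in.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe rendering: the stored value is concatenated into markup unchanged.
// The markup itself is an assumed example of an attribute context.
function renderThemeFieldUnsafe(string $name): string
{
    return '<input type="hidden" name="templatename" value="' . $name . '">';
}

// Hardened rendering: same markup, value encoded at output.
function renderThemeFieldSafe(string $name): string
{
    return '<input type="hidden" name="templatename" value="'
        . encodeForHtml($name) . '">';
}

// Constructed inputs: the payload string quoted in the report and a benign,
// made-up theme name.
$samples = ['"><script>alert(1)</script>//', 'my_custom_theme'];

foreach ($samples as $name) {
    printf("input:  %s\n", $name);
    printf("import: %s\n", isValidThemeName($name) ? 'accepted' : 'rejected');
    printf("unsafe: %s\n", renderThemeFieldUnsafe($name));
    printf("safe:   %s\n\n", renderThemeFieldSafe($name));
}
```

Output encoding is the layer that matters for values already in storage, since import-time validation does nothing for rows written before the check existed.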