Cross Site Scripting Vulnerability on "textbox" via "Notifications & data" feature in LimeSurvey version 4.2.5. #1441
Conversation
… one is in the QuestionAttribute class
…er.php, changed some of the routes
…ld controller+views
… building js files again
…troller.php, moved question_topbar.php to correct view folder
Please report the issue clearly on https://bugs.limesurvey.org/. And when you find a security issue, it's best to report it before making it public …
Luckily just an issue if the attacker already has access to your admin backend.
Yes (maybe), but I need to understand if it's with an XSS-enabled user. If yes, I think we must fix it for question->text too :)
Or maybe it's just an encoding issue.
…M engine when creating tables in MySQL (#1447) Dev: Co-authored-by: jeeeckho <jens.eeckhout@ugent.be>
Seems CVE-2020-23710 has been assigned to this issue recently. Sorry for pinging you @tranvannam186 @Shnoulle @olleharstedt, but is there any info / resource available on whether this got fixed at all (the PR here was closed but probably should have been an issue anyway, as I don't see any commit of @tranvannam186) and, if so, in which release of LimeSurvey?
Dev: Cross Site Scripting Vulnerability on "textbox" via "Notifications & data" feature in LimeSurvey version 4.2.5.
**Describe the bug**
An authenticated malicious user can take advantage of a Reflected XSS vulnerability on "textbox" via the "Notifications & data" feature in LimeSurvey version 4.2.5.
**To Reproduce**
Steps to reproduce the behavior:
// # "><svg/onload=prompt(/NamTV/)>
**Expected behavior**
The removal of script tags is not sufficient to prevent an XSS attack.
You must HTML Entity encode any output that is Reflected back to the page.
**Impact**
Impacts commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user's machine under the guise of the vulnerable site.
**Screenshots**
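To illustrate the point made under "Expected behavior" above, here is an added PHP example (not LimeSurvey's own code) that runs the payload quoted in this report through a naive `<script>`-tag stripper and through `htmlspecialchars()`; the template string and the helper names are assumptions.

```php
<?php
// Added example (not LimeSurvey code): why stripping <script> tags is not
// enough, and why any reflected value must be HTML-entity encoded instead.
declare(strict_types=1);

// Naive filter: remove <script>...</script> blocks and stray <script> tags.
// It never touches <svg ... onload=...>, so the report's payload passes through.
function stripScriptTags(string $value): string
{
    $value = preg_replace('#<script\b[^>]*>.*?</script>#is', '', $value);
    return preg_replace('#</?script\b[^>]*>#i', '', $value);
}

// Output encoding for an HTML text or quoted-attribute context: every
// character that can close an attribute or open a tag becomes an entity.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Check used only here: does the string still contain a raw HTML metacharacter
// that could break out of a quoted attribute or start a tag?
function hasUnencodedMetachars(string $value): bool
{
    return (bool) preg_match('/[<>"\']/', $value);
}

// Hypothetical template: the reflected value lands inside a quoted attribute,
// which is the context the report's "> prefix is designed to escape.
function renderTextbox(string $value): string
{
    return '<input type="text" name="textbox" value="' . encodeForHtml($value) . '">';
}

$payload = '"><svg/onload=prompt(/NamTV/)>';   // taken from the report above

$stripped = stripScriptTags($payload);
$encoded  = encodeForHtml($payload);

printf("stripped: %s  (raw metachars left: %s)\n", $stripped,
    hasUnencodedMetachars($stripped) ? 'yes' : 'no');   // yes: nothing was removed
printf("encoded : %s  (raw metachars left: %s)\n", $encoded,
    hasUnencodedMetachars($encoded) ? 'yes' : 'no');    // no: rendered as literal text
echo renderTextbox($payload), "\n";                     // attribute stays closed
```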