Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
References
Configurations
History
10 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Nov 2023, 01:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:* | |
References | () https://github.com/LimeSurvey/LimeSurvey/pull/3483 - Patch | |
References | () https://github.com/Hebing123/CVE-2023-44796/issues/1 - Exploit | |
References | () https://github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe - Patch | |
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Limesurvey limesurvey
Limesurvey |
18 Nov 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-18 00:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-44796
Mitre link : CVE-2023-44796
CVE.ORG link : CVE-2023-44796
JSON object : View
Products Affected
limesurvey
- limesurvey
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')