CVE-2024-28709

Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
Configurations

Configuration 1 (hide)

cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*

History

15 Oct 2024, 13:19

Type Values Removed Values Added
References () http://limesurvey.com - () http://limesurvey.com - Product
References () https://github.com/LimeSurvey/LimeSurvey/commit/c844c4fba81cc26ffe6544bf095bad6252910bc0 - () https://github.com/LimeSurvey/LimeSurvey/commit/c844c4fba81cc26ffe6544bf095bad6252910bc0 - Patch
First Time Limesurvey
Limesurvey limesurvey
CWE CWE-79
CPE cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
Summary
  • (es) La vulnerabilidad de cross-site scripting en LimeSurvey anterior a 6.5.12+240611 permite a un atacante remoto ejecutar código arbitrario a través de una secuencia de comandos manipulado específicamente para los campos de título y comentarios.

07 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-07 16:15

Updated : 2024-10-15 13:19


NVD link : CVE-2024-28709

Mitre link : CVE-2024-28709

CVE.ORG link : CVE-2024-28709


JSON object : View

Products Affected

limesurvey

  • limesurvey
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')