CVE-2024-28710

Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
Configurations

Configuration 1 (hide)

cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*

History

15 Oct 2024, 13:18

Type Values Removed Values Added
CWE CWE-79
First Time Limesurvey
Limesurvey limesurvey
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad de cross-site scripting en LimeSurvey anterior a la versión 6.5.0+240319 permite a un atacante remoto ejecutar código arbitrario a través de una falta de validación de entrada y codificación de salida en el componente de mensaje del widget de alerta.
References () http://limesurvey.com - () http://limesurvey.com - Product
References () https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94bc1db275f20cbb27a3135a9bdfb7f10 - () https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94bc1db275f20cbb27a3135a9bdfb7f10 - Patch

07 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-07 16:15

Updated : 2024-10-15 13:18


NVD link : CVE-2024-28710

Mitre link : CVE-2024-28710

CVE.ORG link : CVE-2024-28710


JSON object : View

Products Affected

limesurvey

  • limesurvey
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')