CVE-2020-11456
published 2020-04-01CVE-2020-11456: LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey…
PriorityP350medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EXPLOIT
EPSS
70.84%
99.3th percentile
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| limesurvey | limesurvey | <= 4.1.11 | — |
| limesurvey | limesurvey | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP POST requests to the surveysgroups create endpoint for XSS payloads (e.g., HTML tags with event handlers) in the 'title' parameter (SurveysGroups[title]). ↗
- →Inspect POST body to /admin/surveysgroups/sa/create for URL-encoded HTML injection patterns such as %3Cimg+src%3D%2F+onerror%3D in the SurveysGroups[title] field. ↗
- →Alert on POST requests to the LimeSurvey admin panel path /admin/surveysgroups/sa/create originating from unexpected or external sources, as exploitation requires authenticated access to the admin panel. ↗
- ·The vulnerability is present in LimeSurvey versions before 4.1.12+200324; ensure instances are patched to at least this version to remediate the stored XSS in survey groups. ↗
- ·Exploitation requires authenticated access to the LimeSurvey administration panel; the attack surface is limited to users with admin credentials, but stored XSS can subsequently affect any admin viewing the survey groups. ↗
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/157114/LimeSurvey-4.1.11-Cross-Site-Scripting.htmlhttps://github.com/LimeSurvey/LimeSurvey/commit/04b118acce2a74306f365ef329cbe00efc399b26https://www.exploit-db.com/exploits/48289http://packetstormsecurity.com/files/157114/LimeSurvey-4.1.11-Cross-Site-Scripting.htmlhttps://github.com/LimeSurvey/LimeSurvey/commit/04b118acce2a74306f365ef329cbe00efc399b26https://www.exploit-db.com/exploits/48289
2020-04-01
Published