Reflected XSS in limesurvey/limesurvey

Valid

Reported on

Feb 16th 2023


Description

Reflected XSS

SUMMARY

Here I use the demo installation https://demo.limesurvey.org/ in the Firefox browser.

Proof of Concept

Log in to a user account and visit https://demo.limesurvey.org/index.php?r=questionGroupsAdministration/view&surveyid=833657&gid=71&mode=overview&landOnSideMenuTab=xss%22%27%3E%3Cimg+src=x+onerror=alert(document.domain)%3E and see that the XSS is executed.

Impact

Using XSS, an attacker can execute any JavaScript code in the victim's browser and control the account.
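The reflection described in the proof of concept, as an added example that is not part of the original report and is neither LimeSurvey's code nor its fix commit. It assumes the landOnSideMenuTab value is echoed into a double-quoted HTML attribute; the tab names, attribute name and function names are hypothetical, and JavaScript is used only for illustration.

```javascript
// Added example: handling of the landOnSideMenuTab query parameter.
// ASSUMPTION: the value is echoed into a double-quoted HTML attribute.
// The tab names, attribute name and function names are hypothetical.

const ALLOWED_TABS = new Set(["settings", "structure"]); // hypothetical allowlist

// Encode every character that can end an attribute value or open a tag.
function escapeHtmlAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the request value is concatenated into markup as-is.
function renderUnsafe(tab) {
  return `<div id="sidebar" data-active-tab="${tab}"></div>`;
}

// Encoding only: the reflected value can no longer leave the attribute.
function renderEncodedOnly(tab) {
  return `<div id="sidebar" data-active-tab="${escapeHtmlAttr(tab)}"></div>`;
}

// Hardened pattern: allowlist the tab name first, then encode for the output context.
function renderSafe(tab, fallback = "settings") {
  const chosen = ALLOWED_TABS.has(tab) ? tab : fallback;
  return `<div id="sidebar" data-active-tab="${escapeHtmlAttr(chosen)}"></div>`;
}

// Extract the parameter the same way a server-side router would decode it.
function tabFromUrl(url) {
  return new URL(url).searchParams.get("landOnSideMenuTab") ?? "";
}

// URL taken verbatim from the report's proof of concept.
const pocUrl = "https://demo.limesurvey.org/index.php?r=questionGroupsAdministration/view" +
  "&surveyid=833657&gid=71&mode=overview" +
  "&landOnSideMenuTab=xss%22%27%3E%3Cimg+src=x+onerror=alert(document.domain)%3E";

const tab = tabFromUrl(pocUrl);
console.log("unsafe :", renderUnsafe(tab));
console.log("encoded:", renderEncodedOnly(tab));
console.log("safe   :", renderSafe(tab));
```

The allowlist is the stronger control here because a tab selector has a small fixed set of valid values; the encoder covers any other place the same value is written into HTML.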

We are processing your report and will contact the limesurvey team within 24 hours. a month ago
ranjit-git
a month ago

Researcher


@maintainer please let me know if you need more info. Due to a time shortage I submitted this bug as a small detailed report.

We have contacted a member of the limesurvey team and are waiting to hear back a month ago
Carsten Schmitz modified the Severity from Critical (9.1) to Medium (4.3) a month ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Carsten Schmitz validated this vulnerability a month ago
ranjit-git has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carsten Schmitz marked this as fixed in 5.6.6 with commit 826b9e a month ago
Carsten Schmitz has been awarded the fix bounty
This vulnerability will not receive a CVE
This vulnerability is scheduled to go public on Feb 20th 2023
Carsten Schmitz gave praise a month ago
Thank you!
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
Carsten Schmitz published this vulnerability a month ago