Stored XSS in label function in limesurvey/limesurvey
Jun 28th 2023
By injecting payloads into the fields (dataToSend), users who visit the "Label sets list" screen may be compromised.
Proof of Concept
Step 1: Log in as a user who has permission to edit the Label. Go to the label function and view a label.
Step 2: Inject the payload into the Code field as in the image below and click save.
Step 3: The payload is then triggered
However, the maximum length of the field is 20. I can still exploit this vulnerability with this payload for a blind XSS:
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.
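The report notes that the 20-character limit on the Code field does not prevent the injection. The following added example (not LimeSurvey's own code) shows the two server-side controls that do: an allowlist check when the label is saved and HTML encoding when the list is rendered. The function names, the allowed character set and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; function names and the allowed character set are assumptions.
const LABEL_CODE_MAX = 20; // field length stated in the report

/** Server-side check when the label is saved: an allowlist, not just a length cap. */
function isValidLabelCode(string $code): bool
{
    // \A...\z anchors the whole string; letters, digits and underscore only.
    return preg_match('/\A[A-Za-z0-9_]{1,' . LABEL_CODE_MAX . '}\z/', $code) === 1;
}

/** Encode at render time so values stored before the fix are also neutralised. */
function renderLabelCodeCell(string $code): string
{
    return '<td>' . htmlspecialchars($code, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Constructed sample inputs, all within the 20-character limit.
$samples = ['A1', 'code_02', '<u>A1</u>', 'x" y=\'z'];

foreach ($samples as $code) {
    printf(
        "%-12s len=%-2d valid=%-3s cell=%s\n",
        $code,
        strlen($code),
        isValidLabelCode($code) ? 'yes' : 'no',
        renderLabelCodeCell($code)
    );
}
```

The last two samples fit inside the length limit yet fail the allowlist, and their markup characters come out as entities in the rendered cell.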