Stored XSS vulnerability in limesurvey/limesurvey


Reported on

Jun 8th 2023


The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Proof of Concept 1

Step1: The user has the right to access and perform the creation of surveys, with the payload inserted into the survey title.


testxss'"><img src/onerror=alert(document.domain)>


Step2: Create a group and survey questions to meet the requirements for publishing the survey.


Step3: The victim accesses the Survey URL, which triggers the payload.


Proof of Concept 2

Step1: Login and access the Profile function, then inject the payload into the 'Full Name' field and save the changes.


testxss' accesskey="X" onclick="alert(1)" x='


Step2: The administrator accesses the user management function screen and presses the Alt+Shift+X key combination, causing the payload to be triggered.



An attacker can steal cookies or manipulate the victim to send requests to perform unintended actions,...

We are processing your report and will contact the limesurvey team within 24 hours. 3 months ago
aqngoc modified the report
3 months ago
aqngoc modified the report
3 months ago
aqngoc modified the report
3 months ago
We have contacted a member of the limesurvey team and are waiting to hear back 3 months ago
Carsten Schmitz validated this vulnerability 3 months ago
aqngoc has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
3 months ago


Can you assign CVE for this vulnerability ?

Carsten Schmitz marked this as fixed in 6.1.5 with commit 6e5a57 3 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Carsten Schmitz published this vulnerability 3 months ago
Carsten Schmitz gave praise 3 months ago
I am sorry but we don't do CVEs for various reasons
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
to join this conversation