Stored XSS vulnerability in limesurvey/limesurvey
Jun 8th 2023
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Proof of Concept 1
Step1: The user has the right to access and perform the creation of surveys, with the payload inserted into the survey title.
Step2: Create a group and survey questions to meet the requirements for publishing the survey.
Step3: The victim accesses the Survey URL, which triggers the payload.
Proof of Concept 2
Step1: Login and access the Profile function, then inject the payload into the 'Full Name' field and save the changes.
testxss' accesskey="X" onclick="alert(1)" x='
Step2: The administrator accesses the user management function screen and presses the Alt+Shift+X key combination, causing the payload to be triggered.
An attacker can steal cookies or manipulate the victim to send requests to perform unintended actions,...