CVE-2020-25797
CVSS 3.1: 5.4 (MEDIUM)
EPSS 0.26%
Description
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants function (first and last name parameters). When the survey participant is being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
How to fix CVE-2020-25797
To remediate CVE-2020-25797, upgrade the affected package to a fixed version below.
- Bitnami/limesurvey—upgrade to 3.21.2 or later
Is CVE-2020-25797 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Bitnami/limesurvey: >= 3.21.1, < 3.21.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |