CVE-2020-25799
CVSS 3.1: 5.4 (MEDIUM)
EPSS: 0.26%
Description
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is viewed, e.g. by an administrative user, the JavaScript code is executed in the browser.
How to fix CVE-2020-25799
To remediate CVE-2020-25799, upgrade the affected package to a fixed version below.
- Bitnami/limesurvey—upgrade to 3.21.2 or later
Is CVE-2020-25799 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 3.21.1, < 3.21.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |