Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1oOXBoLWpjZ2gtZ2Y2Oc0Wfw

Cross-site Scripting in Limesurvey

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

Permalink: https://github.com/advisories/GHSA-h9ph-jcgh-gf69
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oOXBoLWpjZ2gtZ2Y2Oc0Wfw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago

CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-h9ph-jcgh-gf69, CVE-2021-42112
References:

Repository: https://github.com/LimeSurvey/LimeSurvey
Blast Radius: 0.0

Affected Packages

packagist:limesurvey/limesurvey

Dependent packages: 1
Dependent repositories: 1
Downloads: 116 total
Affected Version Ranges: < 3.27.19
Fixed in: 3.27.19
All affected versions: 2.2.5, 2.65.2, 2.65.3, 2.65.4, 2.65.5, 2.65.6, 2.66.6, 2.67.0, 2.67.1, 2.67.2, 2.67.3, 2.70.0, 2.71.0, 2.71.1, 2.72.0, 2.72.1, 2.72.2, 2.72.3, 2.72.4, 2.72.5, 2.72.6, 2.73.0, 2.73.1, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.1.0, 3.1.1, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.8.0, 3.8.1, 3.8.2, 3.9.0, 3.10.0, 3.11.0, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.13.0, 3.13.1, 3.13.2, 3.14.0, 3.14.1, 3.14.2, 3.14.4, 3.14.5, 3.14.6, 3.14.7, 3.14.8, 3.14.9, 3.14.10, 3.14.11, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.15.4, 3.15.5, 3.15.6, 3.15.7, 3.15.8, 3.15.9, 3.16.1, 3.17.0, 3.17.1, 3.17.3, 3.17.4, 3.17.5, 3.17.6, 3.17.7, 3.17.8, 3.17.9, 3.17.10, 3.17.11, 3.17.12, 3.17.13, 3.17.14, 3.17.15, 3.17.16, 3.17.17, 3.18.0, 3.19.0, 3.19.1, 3.19.2, 3.19.3, 3.20.0, 3.20.1, 3.20.2, 3.21.0, 3.21.1, 3.21.2, 3.21.3, 3.21.4, 3.21.5, 3.21.6, 3.22.0, 3.22.1, 3.22.2, 3.22.3, 3.22.4, 3.22.5, 3.22.6, 3.22.7, 3.22.8, 3.22.9, 3.22.10, 3.22.11, 3.22.12, 3.22.13, 3.22.14, 3.22.15, 3.22.16, 3.22.17, 3.22.18, 3.22.19, 3.22.20, 3.22.21, 3.22.22, 3.22.23, 3.22.24, 3.22.25, 3.22.26, 3.22.27, 3.22.28, 3.22.29, 3.22.210, 3.23.0, 3.23.1, 3.23.2, 3.23.3, 3.23.4, 3.23.5, 3.23.6, 3.23.7, 3.24.0, 3.24.1, 3.24.2, 3.24.3, 3.24.4, 3.24.5, 3.24.6, 3.25.0, 3.25.1, 3.25.2, 3.25.3, 3.25.4, 3.25.5, 3.25.6, 3.25.7, 3.25.8, 3.25.9, 3.25.10, 3.25.11, 3.25.12, 3.25.13, 3.25.14, 3.25.15, 3.25.16, 3.25.17, 3.25.18, 3.25.19, 3.25.20, 3.25.21, 3.25.22, 3.26.0, 3.26.1, 3.26.2, 3.26.3, 3.26.4, 3.26.5, 3.27.0, 3.27.1, 3.27.2, 3.27.3, 3.27.4, 3.27.5, 3.27.6, 3.27.7, 3.27.8, 3.27.9, 3.27.10, 3.27.11, 3.27.12, 3.27.13, 3.27.14, 3.27.15, 3.27.16, 3.27.17, 3.27.18
All unaffected versions: 3.27.19, 3.27.20, 3.27.21, 3.27.22, 3.27.23, 3.27.24, 3.27.25, 3.27.26, 3.27.27, 3.27.28, 3.27.29, 3.27.30, 3.27.31, 3.27.32, 3.27.33, 3.27.34, 3.27.35, 3.28.1, 3.28.2, 3.28.3, 3.28.4, 3.28.5, 3.28.6, 3.28.7, 3.28.8, 3.28.9, 3.28.10, 3.28.11, 3.28.12, 3.28.13, 3.28.14, 3.28.15, 3.28.16, 3.28.17, 3.28.18, 3.28.19, 3.28.20, 3.28.21, 3.28.22, 3.28.23, 3.28.24, 3.28.25, 3.28.26, 3.28.27, 3.28.28, 3.28.29, 3.28.30, 3.28.31, 3.28.32, 3.28.33, 3.28.34, 3.28.35, 3.28.36, 3.28.37, 3.28.38, 3.28.39, 3.28.40, 3.28.41, 3.28.42, 3.28.43, 3.28.44, 3.28.45, 3.28.46, 3.28.47, 3.28.48, 3.28.49, 3.28.50, 3.28.51, 3.28.52, 3.28.53, 3.28.54, 3.28.55, 3.28.56, 3.28.57, 3.28.58, 3.28.59, 3.28.60, 3.28.61, 3.28.62, 3.28.63, 3.28.64, 3.28.65, 3.28.66, 3.28.67, 3.28.69, 3.28.71, 3.28.72, 3.28.73, 3.28.74, 3.28.75, 3.28.76, 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.3.14, 4.3.15, 4.3.16, 4.3.17, 4.3.18, 4.3.19, 4.3.20, 4.3.21, 4.3.22, 4.3.23, 4.3.24, 4.3.25, 4.3.26, 4.3.27, 4.3.28, 4.3.29, 4.3.30, 4.3.31, 4.3.32, 4.3.33, 4.3.34, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.14, 4.4.15, 4.4.16, 4.5.0, 4.5.1, 4.5.2, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.7, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.2.0, 5.2.1, 5.2.2, 5.2.3, 5.2.4, 5.2.5, 5.2.6, 5.2.7, 5.2.8, 5.2.9, 5.2.10, 5.2.11, 5.2.12, 5.2.13, 5.2.14, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 5.3.14, 5.3.15, 5.3.16, 5.3.17, 5.3.18, 5.3.19, 5.3.20, 5.3.21, 5.3.22, 5.3.23, 5.3.24, 5.3.25, 5.3.26, 5.3.27, 5.3.28, 5.3.29, 5.3.30, 5.3.31, 5.3.32, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.4.4, 5.4.5, 5.4.6, 5.4.7, 5.4.8, 5.4.9, 5.4.10, 5.4.11, 5.4.12, 5.4.13, 5.4.14, 5.4.15, 5.5.0, 5.5.1, 5.5.2, 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.6.4, 5.6.5, 5.6.6, 5.6.7, 5.6.8, 5.6.9, 5.6.10, 5.6.11, 5.6.12, 5.6.13, 5.6.14, 5.6.15, 5.6.16, 5.6.17, 5.6.18, 5.6.19, 5.6.20, 5.6.21, 5.6.22, 5.6.23, 5.6.24, 5.6.25, 5.6.26, 5.6.27, 5.6.28, 5.6.29, 5.6.30, 5.6.31, 5.6.32, 5.6.33, 5.6.34, 5.6.35, 5.6.36, 5.6.37, 5.6.38, 5.6.39, 5.6.40, 5.6.41, 5.6.42, 5.6.43, 5.6.44, 5.6.45, 5.6.46, 5.6.47, 5.6.48, 5.6.49, 5.6.50, 5.6.51, 5.6.52, 5.6.53, 5.6.54, 5.6.55, 5.6.56, 5.6.57, 5.6.58, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.1.0, 6.1.1, 6.1.2, 6.1.3, 6.1.4, 6.1.5, 6.1.6, 6.1.7, 6.1.8, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11, 6.4.12, 6.5.0, 6.5.1, 6.5.2