CVE-2021-42112

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-42112
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42112.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-42112
Aliases
Published
2021-10-08T21:15:07.883Z
Modified
2026-03-14T11:16:57.095479Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

References

Affected packages

Git / github.com/limesurvey/limesurvey

Affected ranges

Type
GIT
Repo
https://github.com/limesurvey/limesurvey
Events
Introduced
2ef1525baed6eb977b5aa50ed02b26bb072a483c
Last affected
d6c4ac678c32c458e4b8643465afa9fa27e99732
Fixed
d56619a50cfd191bbffd0adb660638a5e438070d
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.27.18"
        }
    ]
}

Affected versions

2.*
2.2.5
2.73.1+171220
3.*
3.0.0+171222
3.0.1+171228
3.0.2+180110
3.0.3+180112
3.0.4+180116
3.0.5+180118
3.1.0
3.1.1+180130
3.10.0+180611
3.11.0+180612
3.12.0+180615
3.12.1+180616
3.12.2+180625
3.12.3+180627
3.13.0+180628
3.13.1+180629
3.13.2+180709
3.14.0+180730
3.14.1+180731
3.14.10+180924
3.14.10+180926
3.14.11+180926
3.14.2+180807
3.14.4+180810
3.14.5+180815
3.14.6+180821
3.14.7+180827
3.14.8+180829
3.14.9+180917
3.15.0+181008
3.15.1+181017
3.15.2+181107
3.15.3+181108
3.15.4+181109
3.15.5+181115
3.15.6+190108
3.15.7+190124
3.15.8+190130
3.15.9+190214
3.16.1+190225
3.16.1+190314
3.17.0+190402
3.17.1+190408
3.17.10+190821
3.17.11+190822
3.17.12+190823
3.17.13+190824
3.17.14+190902
3.17.15+190903
3.17.16+190906
3.17.17+190918
3.17.3+190429
3.17.4+190529
3.17.5+190604
3.17.6+190624
3.17.7+190627
3.17.8+190722
3.17.9+190731
3.18.0+190923
3.19.0+191008
3.19.1+191009
3.19.2+191017
3.19.3+191023
3.2.0+180206
3.2.1+180207
3.20.0+191112
3.20.1+191114
3.20.2+191119
3.21.0+191203
3.21.1+191210
3.21.2+191216
3.21.3+191219
3.21.4+200108
3.21.5+200115
3.21.6+200121
3.22.0+200127
3.22.1+200129
3.22.10+200323
3.22.11+200330
3.22.12+200406
3.22.13+200415
3.22.14+200423
3.22.15+200505
3.22.16+200519
3.22.17+200525
3.22.18+200603
3.22.19+200605
3.22.2+200204
3.22.20+200617
3.22.21+200622
3.22.210+200804
3.22.22+200625
3.22.23+200626
3.22.24+200630
3.22.25+200706
3.22.26+200714
3.22.27+200720
3.22.28+200728
3.22.29+200731
3.22.3+200211
3.22.4+200212
3.22.5+200218
3.22.6+200219
3.22.7+200225
3.22.8+200309
3.22.9+200317
3.23.0+200813
3.23.1+200825
3.23.2+200908
3.23.3+200909
3.23.4+200922
3.23.5+200923
3.23.6+200929
3.23.7+201006
3.24.0+201013
3.24.1+201014
3.24.2+201020
3.24.3+201027
3.24.4+201103
3.24.5+201104
3.24.6+201109
3.25.0+201117
3.25.1+201124
3.25.10+210128
3.25.11+210210
3.25.12+210211
3.25.13+210216
3.25.14+210218
3.25.15+210223
3.25.16+210302
3.25.17+210309
3.25.18+210316
3.25.19+210323
3.25.2+201131
3.25.20+210330
3.25.21+210407
3.25.22+210413
3.25.3+201208
3.25.4+201215
3.25.5+201222
3.25.6+201229
3.25.7+210113
3.25.8+210118
3.25.9+210125
3.26.0+210419
3.26.1+210427
3.26.2+210503
3.26.3+210511
3.26.4+210517
3.26.5+210519
3.27.0+210525
3.27.1+210531
3.27.10+210803
3.27.11+210809
3.27.12+210816
3.27.13+210823
3.27.14+210831
3.27.15+210907
3.27.16+210909
3.27.17+210911
3.27.18+210921
3.27.2+210608
3.27.3+210615
3.27.4+210622
3.27.5+210624
3.27.6+210629
3.27.7+210713
3.27.8+210721
3.27.9+210726
3.3.0+180209
3.3.1
3.4.0+180219
3.4.1+180221
3.4.2+180223
3.4.3+180227
3.4.4+180305
3.5.0+180309
3.5.1+180312
3.5.2+180315
3.5.3+180316
3.5.4+180320
3.6.0+180328
3.6.1+180329
3.6.2+180406
3.6.3+180416
3.7.0+180418
3.7.1+180424
3.7.2+180508
3.7.3+180516
3.8.0+180522
3.8.1+180524
3.8.2+180529
3.9.0+180604

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42112.json"