GHSA-632q-77qj-c89q

Source

https://github.com/advisories/GHSA-632q-77qj-c89q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/10/GHSA-632q-77qj-c89q/GHSA-632q-77qj-c89q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-632q-77qj-c89q

Aliases

Published

2024-10-07T18:31:07Z

Modified

2024-10-16T08:57:12.542401Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator

Summary

LimeSurvey Cross Site Scripting vulnerability

Details

Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.

Database specific

{
    "nvd_published_at": "2024-10-07T16:15:05Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-10-07T19:01:59Z"
}

References

Affected packages

Packagist / limesurvey/limesurvey

Package

Name: limesurvey/limesurvey
Purl: pkg:composer/limesurvey/limesurvey

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.5.0

Affected versions

2.*

2.2.5

2.65.2+170606

2.65.3+170607

2.65.4+170612

2.65.5+170613

2.65.6+170615

2.66.6+170619

2.67.0+170622

2.67.1+170626

2.67.2+170728

2.67.3+170728

2.70.0+170921

2.71.0+170925

2.71.1+170927

2.72.0+171010

2.72.1+171012

2.72.2+171017

2.72.3+171020

2.72.4+171110

2.72.5+171121

2.72.6+171207

2.73.0+171219

2.73.1+171220

3.*

3.0.0-beta.1+170720

3.0.0-beta.2+170810

3.0.0-beta.3+170914

3.0.0-RC.1

3.0.0-RC.2+171102

3.0.0-RC.3+171114

3.0.0+171222

3.0.1+171228

3.0.2+180110

3.0.3+180112

3.0.4+180116

3.0.5+180118

3.1.0

3.1.1+180130

3.2.0+180206

3.2.1+180207

3.3.0+180209

3.3.1

3.4.0+180219

3.4.1+180221

3.4.2+180223

3.4.3+180227

3.4.4+180305

3.5.0+180309

3.5.1+180312

3.5.2+180315

3.5.3+180316

3.5.4+180320

3.6.0+180328

3.6.1+180329

3.6.2+180406

3.6.3+180416

3.7.0+180418

3.7.1+180424

3.7.2+180508

3.7.3+180516

3.8.0+180522

3.8.1+180524

3.8.2+180529

3.9.0+180604

3.10.0+180611

3.11.0+180612

3.12.0+180615

3.12.1+180616

3.12.2+180625

3.12.3+180627

3.13.0+180628

3.13.1+180629

3.13.2+180709

3.14.0+180730

3.14.1+180731

3.14.2+180807

3.14.4+180810

3.14.5+180815

3.14.6+180821

3.14.7+180827

3.14.8+180829

3.14.9+180917

3.14.10+180926

3.14.11+180926

3.15.0+181008

3.15.1+181017

3.15.2+181107

3.15.3+181108

3.15.4+181109

3.15.5+181115

3.15.6+190108

3.15.7+190124

3.15.8+190130

3.15.9+190214

3.16.1+190314

3.17.0+190402

3.17.1+190408

3.17.3+190429

3.17.4+190529

3.17.5+190604

3.17.6+190624

3.17.7+190627

3.17.8+190722

3.17.9+190731

3.17.10+190821

3.17.11+190822

3.17.12+190823

3.17.13+190824

3.17.14+190902

3.17.15+190903

3.17.16+190906

3.17.17+190918

3.18.0+190923

3.19.0+191008

3.19.1+191009

3.19.2+191017

3.19.3+191023

3.20.0+191112

3.20.1+191114

3.20.2+191119

3.21.0+191203

3.21.1+191210

3.21.2+191216

3.21.3+191219

3.21.4+200108

3.21.5+200115

3.21.6+200121

3.22.0+200127

3.22.1+200129

3.22.2+200204

3.22.3+200211

3.22.4+200212

3.22.5+200218

3.22.6+200219

3.22.7+200225

3.22.8+200309

3.22.9+200317

3.22.10+200323

3.22.11+200330

3.22.12+200406

3.22.13+200415

3.22.14+200423

3.22.15+200505

3.22.16+200519

3.22.17+200525

3.22.18+200603

3.22.19+200605

3.22.20+200617

3.22.21+200622

3.22.22+200625

3.22.23+200626

3.22.24+200630

3.22.25+200706

3.22.26+200714

3.22.27+200720

3.22.28+200728

3.22.29+200731

3.22.210+200804

3.23.0+200813

3.23.1+200825

3.23.2+200908

3.23.3+200909

3.23.4+200922

3.23.5+200923

3.23.6+200929

3.23.7+201006

3.24.0+201013

3.24.1+201014

3.24.2+201020

3.24.3+201027

3.24.4+201103

3.24.5+201104

3.24.6+201109

3.25.0+201117

3.25.1+201124

3.25.2+201131

3.25.3+201208

3.25.4+201215

3.25.5+201222

3.25.6+201229

3.25.7+210113

3.25.8+210118

3.25.9+210125

3.25.10+210128

3.25.11+210210

3.25.12+210211

3.25.13+210216

3.25.14+210218

3.25.15+210223

3.25.16+210302

3.25.17+210309

3.25.18+210316

3.25.19+210323

3.25.20+210330

3.25.21+210407

3.25.22+210413

3.26.0+210419

3.26.1+210427

3.26.2+210503

3.26.3+210511

3.26.4+210517

3.26.5+210519

3.27.0+210525

3.27.1+210531

3.27.2+210608

3.27.3+210615

3.27.4+210622

3.27.5+210624

3.27.6+210629

3.27.7+210713

3.27.8+210721

3.27.9+210726

3.27.10+210803

3.27.11+210809

3.27.12+210816

3.27.13+210823

3.27.14+210831

3.27.15+210907

3.27.16+210909

3.27.17+210911

3.27.18+210921

3.27.19+210928

3.27.20+211012

3.27.21+211021

3.27.22+211026

3.27.23+211102

3.27.24+211108

3.27.25+211116

3.27.26+211123

3.27.27+211130

3.27.28+211208

3.27.29+211214

3.27.30+211222

3.27.31+220104

3.27.32+220119

3.27.33+220125

3.27.34+220132

3.27.35+220208

3.28.1+220229

3.28.2+220308

3.28.3+220315

3.28.4+220329

3.28.5+220405

3.28.6+220412

3.28.7+220420

3.28.8+220426

3.28.9+220503

3.28.10+220510

3.28.11+220517

3.28.12+220524

3.28.13+220531

3.28.14+220608

3.28.15+220616

3.28.16+220621

3.28.17+220627

3.28.18+220706

3.28.19+220712

3.28.20+220719

3.28.21+220726

3.28.22+220802

3.28.23+220809

3.28.24+220816

3.28.25+220822

3.28.26+220829

3.28.27+220905

3.28.28+220912

3.28.29+220920

3.28.30+220927

3.28.31+221005

3.28.32+221011

3.28.33+221020

3.28.34+221021

3.28.35+221025

3.28.36+221102

3.28.37+221108

3.28.38+221115

3.28.39+221122

3.28.40+221129

3.28.41+221206

3.28.42+221213

3.28.43+221221

3.28.44+230110

3.28.45+230117

3.28.46+230124

3.28.47+230131

3.28.48+230207

3.28.49+230215

3.28.50+230221

3.28.51+230228

3.28.52+230307

3.28.53+230314

3.28.54+230321

3.28.55+230328

3.28.56+230404

3.28.57+230425

3.28.58+230504

3.28.59+230517

3.28.60+230607

3.28.61+230614

3.28.62+230619

3.28.63+230628

3.28.64+230705

3.28.65+230712

3.28.66+230719

3.28.67+230728

3.28.69+230815

3.28.71+230824

3.28.72+230829

3.28.73+230906

3.28.74+230920

3.28.75+231006

3.28.76+231018

3.29.0

3.29.1

3.29.2

4.*

4.0.0-alpha+181212

4.0.0-beta

4.0.0-RC2+190723

4.0.0-RC3+190807

4.0.0-RC4+190930

4.0.0-RC5+191014

4.0.0-RC6+191022

4.0.0-RC7+191111

4.0.0-RC8+191118

4.0.0-RC9+191125

4.0.0-RC10+191202

4.0.0-RC11+191209

4.0.0-RC12+191217

4.0.0-RC13+191223

4.0.0-RC14+200109

4.0.0+200116

4.0.1+200120

4.1.0+200128

4.1.1+200203

4.1.2+200210

4.1.3+200213

4.1.4+200214

4.1.5+200217

4.1.6+200220

4.1.7+200224

4.1.8+200302

4.1.9+200310

4.1.10+200311

4.1.11+200316

4.1.12+200324

4.1.13+200325

4.1.14+200331

4.1.15+200402

4.1.16+200407

4.1.17+200414

4.1.18+200416

4.2.0+200422

4.2.1+200428

4.2.2+200504

4.2.3+200511

4.2.4+200520

4.2.5+200526

4.2.6+200602

4.2.7+200604

4.2.8+200608

4.3.0+200616

4.3.1+200623

4.3.2+200629

4.3.3+200707

4.3.4+200713

4.3.5+200721

4.3.6+200727

4.3.7+200730

4.3.8+200803

4.3.9+200806

4.3.10+200812

4.3.11+200817

4.3.12+200820

4.3.13+200824

4.3.14+200826

4.3.15+200907

4.3.16+200915

4.3.17+200921

4.3.18+200928

4.3.19+201005

4.3.20+201012

4.3.21+201015

4.3.22+201019

4.3.23+201026

4.3.24+201102

4.3.25+201105

4.3.26+201110

4.3.27+201116

4.3.28+201123

4.3.29+201130

4.3.30+201207

4.3.31+201214

4.3.32+201221

4.3.33+201228

4.3.34+210119

4.4.0-RC1+201223

4.4.0-RC2+210104

4.4.0-RC3+210112

4.4.0+210129

4.4.1+210201

4.4.2+210208

4.4.3+210209

4.4.4+210212

4.4.5+210213

4.4.6+210214

4.4.7+210215

4.4.8+210217

4.4.9+210219

4.4.10+210222

4.4.11+210301

4.4.12+210308

4.4.13+210315

4.4.14+210322

4.4.15+210329

4.4.16+210406

4.5.0+210412

4.5.1+210420

4.5.2+210426

4.6.0+210504

4.6.1+210510

4.6.2+210512

4.6.3+210518

5.*

5.0.0+210526

5.0.1+210532

5.0.2+210607

5.0.3+210609

5.0.4+210614

5.0.5+210621

5.0.6+210625

5.0.7+210628

5.0.8+210712

5.0.9+210722

5.0.10+210723

5.0.11+210727

5.0.12+210729

5.0.13+210804

5.1.0+210811

5.1.1+210812

5.1.2+210813

5.1.3+210817

5.1.4+210824

5.1.5+210830

5.1.6+210906

5.1.7+210908

5.1.8+210910

5.1.9+210912

5.1.10+210913

5.1.11+210920

5.1.12+210922

5.1.13+210923

5.1.14+210927

5.1.15+211011

5.1.16+211020

5.1.17+211025

5.1.18+211101

5.2.0+211110

5.2.1+211111

5.2.2+211115

5.2.3+211122

5.2.4+211129

5.2.5+211207

5.2.6+211213

5.2.7+211221

5.2.8+220103

5.2.9+220110

5.2.10+220118

5.2.11+220124

5.2.12+220131

5.2.13+220207

5.2.14+220214

5.3.0+220228

5.3.1+220301

5.3.2+220302

5.3.3+220307

5.3.4+220309

5.3.5+220314

5.3.6+220321

5.3.7+220328

5.3.8+220404

5.3.9+220411

5.3.10+220419

5.3.11+220425

5.3.12+220502

5.3.13+220509

5.3.14+220516

5.3.15+220519

5.3.16+220523

5.3.17+220525

5.3.18+220530

5.3.19+220607

5.3.20+220615

5.3.21+220620

5.3.22+220628

5.3.23+220705

5.3.24+220711

5.3.25+220718

5.3.26+220720

5.3.27+220725

5.3.28+220727

5.3.29+220801

5.3.30+220808

5.3.31+220815

5.3.32+220817

5.4.0+220913

5.4.1+220919

5.4.2+220921

5.4.3+220926

5.4.4+221004

5.4.5+221010

5.4.6+221018

5.4.7+221019

5.4.8+221024

5.4.9+221101

5.4.10+221107

5.4.11+221114

5.4.12+221121

5.4.13+221128

5.4.14+221205

5.4.15+221212

5.5.0+221219

5.5.1+230103

5.5.2+230109

5.6.0+230116

5.6.1+230123

5.6.2+230125

5.6.3+230130

5.6.4+230206

5.6.5+230214

5.6.6+230220

5.6.7+230222

5.6.8+230227

5.6.9+230306

5.6.10+230313

5.6.11+230320

5.6.12+230327

5.6.13+230327

5.6.14+230403

5.6.15+230412

5.6.16+230418

5.6.17+230426

5.6.18+230503

5.6.19+230509

5.6.20+230516

5.6.21+230518

5.6.22+230523

5.6.23+230524

5.6.24+230531

5.6.25+230605

5.6.26+230613

5.6.27+230621

5.6.28+230627

5.6.29+230704

5.6.30+230711

5.6.31+230718

5.6.32+230731

5.6.33+230808

5.6.34+230816

5.6.35+230822

5.6.36+230830

5.6.37+230905

5.6.38+230919

5.6.39+230926

5.6.40+231005

5.6.41+231017

5.6.42+231024

5.6.43+231030

5.6.44+231107

5.6.45+231114

5.6.46+231121

5.6.47+231128

5.6.48+231205

5.6.49+231212

5.6.50+240109

5.6.51+240116

5.6.52+240123

5.6.53+240131

5.6.54+240206

5.6.55+240220

5.6.56+240227

5.6.57+240312

5.6.58+240403

5.6.59+240416

5.6.60+240423

5.6.61+240430

5.6.62+240507

5.6.63+240508

5.6.64+240516

5.6.65+240522

5.6.66+240604

5.6.67+240612

5.6.68+240625

6.*

6.0.0+230405

6.0.1+230411

6.0.2+230417

6.0.3+230424

6.0.4+230427

6.0.5+230502

6.0.6+230508

6.0.7+230515

6.1.0+230522

6.1.1+230530

6.1.2+230606

6.1.3+230612

6.1.4+230620

6.1.5+230626

6.1.6+230703

6.1.7+230710

6.1.8+230717

6.2.0+230732

6.2.1+230807

6.2.2+230814

6.2.3+230821

6.2.4+230825

6.2.5+230828

6.2.6+230904

6.2.7+230918

6.2.8+230921

6.2.9+230925

6.2.10+231004

6.2.11+231007

6.3.0+231016

6.3.1+231023

6.3.2+231031

6.3.3+231106

6.3.4+231108

6.3.5+231113

6.3.6+231120

6.3.7+231127

6.3.8+231204

6.3.9+231211

6.4.0+231218

6.4.1+240108

6.4.2+240115

6.4.3+240122

6.4.4+240130

6.4.5+240205

6.4.6+240212

6.4.7+240219

6.4.8+240221

6.4.9+240226

6.4.10+240228

6.4.11+240304

6.4.12+240311