CVE-2020-25797

{"id": "CVE-2020-25797", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2020-12-31T18:15:13.030", "references": [{"url": "https://bugs.limesurvey.org/view.php?id=15680", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/LimeSurvey/LimeSurvey/commit/0a7bdfa1c166f734d11a1528c8d9a7d61b670ad7", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser."}, {"lang": "es", "value": "LimeSurvey versi\u00f3n 3.21.1, est\u00e1 afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en la Funci\u00f3n Add Participants (par\u00e1metros first y last name). Cuando el participante de la encuesta sea editado, por ejemplo, por un usuario administrativo, el c\u00f3digo JavaScript ser\u00e1 ejecutado en el navegador."}], "lastModified": "2021-01-05T14:20:47.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:limesurvey:limesurvey:3.21.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA401C3E-D4E1-4E2A-AC60-047600277AD2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}