← Back to CVE List

CVE-2022-48010

Published: 2023-01-27T18:15Z
Last Modified: 2024-11-21T07:32Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt