PT-2020-16217 · Limesurvey · Limesurvey

Lacrioque · Published 2020-12-31 · Updated 2024-03-06 · CVE-2020-25797

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LimeSurvey version 3.21.1

Description

The issue concerns cross-site scripting (XSS) in the Add Participants function, specifically affecting the first and last name parameters. When a survey participant is being edited, for instance by an administrative user, the injected JavaScript code is executed in the browser.

Recommendations

For LimeSurvey version 3.21.1, as a temporary workaround, consider restricting access to the Add Participants function to minimize the risk of exploitation. Avoid using the first and last name parameters in this function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

BIT-LIMESURVEY-2020-25797
CVE-2020-25797

Affected Products

Limesurvey