CVE-2021-42112

Name of the Vulnerable Software and Affected Versions LimeSurvey versions 3.x-LTS through 3.27.18

Description The issue affects the "File upload question" functionality, allowing XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

Recommendations For LimeSurvey versions 3.x-LTS through 3.27.18, consider disabling the "File upload question" functionality until a patch is available. Restrict access to the assets/scripts/modaldialog.js and assets/scripts/uploader.js files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.