PT-2026-5119 · Unknown · Limesurvey

Matthew Aberegg · Published 2026-01-28 · Updated 2026-01-28 · CVE-2020-36993

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LimeSurvey versions 4.3.10 and earlier

Description

LimeSurvey is affected by a stored cross-site scripting issue in the Survey Menu functionality within the administration panel. An attacker can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent id] parameters. Successful exploitation allows the execution of arbitrary JavaScript in administrative contexts.

Recommendations

Versions prior to 4.3.10 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2020-36993

Affected Products: Limesurvey