SecuritySpace - CVE-2022-48010

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2022-48010

Description: ** DISPUTED ** LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/s urveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome- message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.

Test IDs: None available

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2022-48010
https://github.com/Sakura-501/LimeSurvey-5.4.15-Stored-XSS-in-surveytexts

CVE ID:	CVE-2022-48010
Description:	DISPUTED LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/s urveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome- message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2022-48010 https://github.com/Sakura-501/LimeSurvey-5.4.15-Stored-XSS-in-surveytexts