XSS in Survey menus (Menu icon type and Menu icon) in limesurvey/limesurvey

Valid

Reported on

Oct 10th 2023


Description

XSS in Survey menus (Menu icon type and Menu icon)

Proof of Concept

1 .Create a new survey menu entry

2 .Insert payload in to Menu icon *

 testxss"><script>alert('xss')</script>

3 . Select Menu icon type : Image

4 .Click create ==> detect XSS

Video Poc

https://drive.google.com/file/d/1jsTvj01y6d3mKzfh5HQpN4ya5zg8JTvT/view?usp=sharing

Impact

This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...

We are processing your report and will contact the limesurvey team within 24 hours. 4 months ago
tiborpacalat
4 months ago

Internal tracking number: 19168

We have contacted a member of the limesurvey team and are waiting to hear back 4 months ago
tiborpacalat validated this vulnerability 4 months ago
hainguyen0207 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
HaiNguyen
2 months ago

Researcher


Hi @tiborpacalat

Can you publish other errors?

Let me ask, which testing platform did you switch to?

Thank you.

tiborpacalat marked this as fixed in 6.3.7+231127 with commit ea366c 2 months ago
The fix bounty has been dropped
This vulnerability has now been published 2 months ago
tiborpacalat
2 months ago

Hi @HaiNguyen, we haven't decided on another testing platform yet.

HaiNguyen
2 months ago

Researcher


I see some other errors that you have already fixed, so should you publish them?

Whenever you have a new platform, remember to notify me. Let me join. My email: hai0207e@gmail.com

Thank you.

to join this conversation