Bootstrap-switch 3.3.2 in use which is vulnerable to XSS in limesurvey/limesurvey
Feb 21st 2023
Bootstrap-switch 3.3.2 in use which is vulnerable to XSS
Proof of Concept
1) Go to https://demo.limesurvey.org/tmp/assets/12fba870/js/bootstrap-switch.min.js and note that Bootstrap-switch is using 3.3.2
2) Check https://github.com/LimeSurvey/LimeSurvey/blob/master/assets/packages/bootstrap/plugins/switch/js/bootstrap-switch.js and note that Bootstrap-switch is using 3.3.2
3) Go to https://security.snyk.io/vuln/SNYK-JS-BOOTSTRAPSWITCH-597113 and note the version is vulnerable to XSS.
4) Execute the PoC

Reference: https://jsfiddle.net/876myrk5/
Reference: https://github.com/Bttstrp/bootstrap-switch/pull/730
This vulnerability allows XSS when the proof of concept is executed.
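The version check in steps 1 and 2 can also be run over a local checkout or a deployed asset directory. The script below is an added example, not part of the original report or of LimeSurvey's code; the function names and the banner format `bootstrap-switch - vX.Y.Z` are assumptions, and the flagged list holds only the version this report names.

```shell
#!/bin/sh
# Added example: report which bootstrap-switch version a source tree bundles.
# Assumption: each file keeps a banner "bootstrap-switch - vX.Y.Z" in its
# leading comment (hypothetical format check; adjust if the banner differs).

# Version named in this report. Extend from the advisory for your own audit.
FLAGGED_VERSIONS="3.3.2"

# Print the version found in the first 2 KiB of file $1, or nothing.
bs_version() {
  head -c 2048 "$1" |
    sed -n 's/.*bootstrap-switch - v\([0-9][0-9.]*\).*/\1/p' |
    head -n 1
}

# Print "path<TAB>version<TAB>status" for every bootstrap-switch*.js under $1.
# status: flagged    = version is in FLAGGED_VERSIONS
#         not-listed = version found but not in the list (not a clean bill)
#         unknown    = no banner found (stripped or repackaged file)
# Returns 1 if any file is flagged, so a CI job can fail on it.
bs_scan() {
  bs_report="$(
    find "$1" -type f -name 'bootstrap-switch*.js' | sort |
    while IFS= read -r bs_file; do
      bs_ver="$(bs_version "$bs_file")"
      if [ -z "$bs_ver" ]; then
        bs_status="unknown"
      elif printf '%s\n' $FLAGGED_VERSIONS | grep -qxF "$bs_ver"; then
        bs_status="flagged"
      else
        bs_status="not-listed"
      fi
      printf '%s\t%s\t%s\n' "$bs_file" "${bs_ver:-?}" "$bs_status"
    done
  )"
  if [ -n "$bs_report" ]; then
    printf '%s\n' "$bs_report"
  fi
  if printf '%s\n' "$bs_report" | grep -q 'flagged$'; then
    return 1
  fi
  return 0
}

# Usage after sourcing this file: bs_scan /path/to/checkout/assets
```

Files reported as `unknown` need a manual look, since a minifier or bundler may have stripped the banner.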