Stored XSS in Notification and Data Management in limesurvey/limesurvey
Feb 28th 2023
Proof of Concept
- Go to a survey and to Notifications and data.
- Turn off Inherit option for Send basic notification email to: or Send basic notification email to:
- Enter the following payload:
Impact
- Account Takeover by stealing cookies
- Malicious client-side code execution on webpage context
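
A defensive sketch for the notification-recipient fields named in the steps above, added here as an example and not taken from the report or from LimeSurvey's code base. The function names, the `;` separator and the assumption that the field holds only literal addresses are hypothetical; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

/**
 * Validate a notification-recipient field when the setting is saved.
 * Returns the normalised list, or throws if an entry is not acceptable.
 */
function parseNotificationRecipients(string $raw): array
{
    $recipients = [];
    foreach (explode(';', $raw) as $entry) {
        $entry = trim($entry);
        if ($entry === '') {
            continue; // tolerate trailing separators
        }
        // FILTER_VALIDATE_EMAIL alone still admits quoted local parts that
        // can carry markup characters, so those are rejected explicitly.
        if (preg_match('/[<>"\'&]/', $entry) === 1
            || filter_var($entry, FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException('Invalid notification recipient');
        }
        $recipients[] = $entry;
    }
    return $recipients;
}

/**
 * Encode a stored value for an HTML attribute or text node when the
 * settings page is rendered. Applied even to validated data, because
 * output encoding is what actually stops stored XSS.
 */
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs (not the payload from the report).
$samples = [
    'admin@example.com; ops@example.com',
    'admin@example.com"><b>markup</b>',
];

foreach ($samples as $raw) {
    try {
        $stored = implode(';', parseNotificationRecipients($raw));
        echo 'accepted: <input value="' . encodeForHtml($stored) . '">' . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // The rejected value is still encoded before being echoed back.
        echo 'rejected: ' . encodeForHtml($raw) . PHP_EOL;
    }
}
```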