Stored XSS when editing label set in limesurvey/limesurvey

Valid

Reported on

Sep 29th 2023


Description

Stored XSS when editing a label set.

I noticed you have filtered the input when creating the label set.

But perhaps you forgot to filter when editing the label set.

Proof of Concept

1. Create a label set

2. Edit label set with payload:

   haido<script>alert(document.domain)</script>

3. Click Export multiple label sets ==> Detect XSS

Video PoC

https://drive.google.com/file/d/14B6Zpg2nUjy3n4-oZNN_XiLxCXt_T-0C/view?usp=sharing

Impact

This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...
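
The mismatch the report describes (input filtered on create but not on edit, with the stored value rendered on the export page), sketched as an added PHP 8 example. It is not part of the report and is not LimeSurvey's code or its actual fix; the `LabelSetStore` class, its methods and the sample rows are hypothetical.

```php
<?php
// Hypothetical stand-in for label set storage; not LimeSurvey's own classes.
final class LabelSetStore
{
    // $names holds rows already in storage (id => name).
    public function __construct(private array $names = []) {}

    // One input filter shared by every write path, so create and edit
    // cannot drift apart the way the report describes.
    private static function cleanName(string $raw): string
    {
        $name = trim(strip_tags($raw));
        if ($name === '') {
            throw new InvalidArgumentException('Label set name is empty after filtering');
        }
        return $name;
    }

    public function create(string $raw): int
    {
        $this->names[] = self::cleanName($raw);
        return array_key_last($this->names);
    }

    public function update(int $id, string $raw): void
    {
        if (!isset($this->names[$id])) {
            throw new OutOfBoundsException("Unknown label set $id");
        }
        $this->names[$id] = self::cleanName($raw); // same filter as create()
    }

    // Encode at render time as well: rows saved before the filter existed,
    // or written by some other route, are still in storage unfiltered.
    public function renderExportOptions(): string
    {
        $html = '';
        foreach ($this->names as $id => $name) {
            $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $html .= "<option value=\"$id\">$safe</option>\n";
        }
        return $html;
    }
}

$payload = 'haido<script>alert(document.domain)</script>'; // string from the report
$store = new LabelSetStore([7 => $payload]); // constructed legacy row, stored unfiltered
$id = $store->create('Satisfaction');        // constructed sample name
$store->update($id, $payload);               // edit path now strips the tags
echo $store->renderExportOptions();
```

The shared filter closes the create/edit gap; the output encoding is what keeps the already-stored row inert when the export list is rendered.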

We are processing your report and will contact the limesurvey team within 24 hours. 5 months ago
We have contacted a member of the limesurvey team and are waiting to hear back 5 months ago
tiborpacalat
5 months ago

Maintainer


Internal tracking number: 19146

tiborpacalat validated this vulnerability 4 months ago
hainguyen0207 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
HaiNguyen
4 months ago

Researcher


Hi, any new update?

tiborpacalat marked this as fixed in 6.3.0+231016 with commit 89099c 4 months ago
The fix bounty has been dropped
This vulnerability has now been published 4 months ago