Stored XSS when editing label set in limesurvey/limesurvey
Sep 29th 2023
Stored XSS when editing a label set.
I noticed you have filtered the input when creating the label set.
But perhaps you forgot to filter when editing the label set.
Proof of Concept
1. Create a label set
2. Edit label set with payload:
3. Click Export multiple label sets ==> Detect XSS
This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...
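
The report describes filtering on the create path that is missing on the edit path. The following added example is not LimeSurvey code and not part of the original report: it sketches one way to close that gap by routing both write paths through a single routine and encoding at render time. The class `LabelSetStore`, its methods, and the `<option>` markup for the export list are hypothetical.

```php
<?php
// Added illustration with hypothetical names; not LimeSurvey's implementation.
declare(strict_types=1);

final class LabelSetStore
{
    /** @var array<int,string> id => stored label set name */
    private array $names = [];
    private int $nextId = 1;

    // Single normalisation routine shared by every write path.
    private static function cleanName(string $raw): string
    {
        $name = trim(strip_tags($raw));
        if ($name === '' || strlen($name) > 100) {
            throw new InvalidArgumentException('invalid label set name');
        }
        return $name;
    }

    public function create(string $rawName): int
    {
        $id = $this->nextId++;
        $this->names[$id] = self::cleanName($rawName);
        return $id;
    }

    // The edit path calls the same routine as create(), so it cannot drift.
    public function update(int $id, string $rawName): void
    {
        if (!isset($this->names[$id])) {
            throw new OutOfBoundsException('unknown label set');
        }
        $this->names[$id] = self::cleanName($rawName);
    }

    // Output encoding is applied regardless of what the write paths did,
    // so a value stored before the fix is still rendered as text.
    public function renderExportOptions(): string
    {
        $html = '';
        foreach ($this->names as $id => $name) {
            $html .= sprintf("<option value=\"%d\">%s</option>\n", $id,
                htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
        }
        return $html;
    }
}

$store = new LabelSetStore();
$id = $store->create('Satisfaction scale');
$store->update($id, 'Agree <b>or</b> "disagree" & other'); // constructed input
echo $store->renderExportOptions();
```

The encoding in `renderExportOptions()` is the control that matters for the export view; the shared `cleanName()` only keeps the create and edit paths consistent.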