Store DOM XSS when create survey in limesurvey/limesurvey
Sep 3rd 2023
I noticed, your website is very secure.
But you overlooked a flaw Store DOM XSS .
Proof of Concept
1 .Login vs admin demo account
2 .Create new survey , insert payload in to Survey title:
test" onclick = "alert(document.domain)"
3 . Click create ==> detect Store DOM XSS
This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...