Store XSS in Survey menus in limesurvey/limesurvey
Sep 3rd 2023
I noticed, your website is very secure.
But you overlooked a flaw Store DOM XSS .
Proof of Concept
1 .Login vs admin demo account and access Configuration
2 .Go to Survey menus ==> Survey menus entries
3 .Add new menu entry and insert payload in to GET data method
4 .Click create ==> detect XSS
This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...