CVE-2021-42112

Published: Oct 8, 2021
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-42112" target="_blank" rel="noopener"> CVE-2021-42112
GHSA: <a href="https://github.com/advisories/GHSA-h9ph-jcgh-gf69" target="_blank" rel="noopener"> GHSA-h9ph-jcgh-gf69
Severity: Medium
Exploit:

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Vulnerability Database