Nixpkgs security tracker
4.4 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): None (N)
by @mweinelt Activity log
- Created suggestion
- @mweinelt dismissed (not in Nixpkgs)
Survey <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings
The Survey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
References
Affected products
- =<1.1
Matching in nixpkgs
pkgs.limesurvey
Open source survey application
-
nixos-unstable 6.15.14+250924
- nixpkgs-unstable 6.15.14+250924
- nixos-unstable-small 6.15.14+250924
-
nixos-25.11 6.15.14+250924
- nixos-25.11-small 6.15.14+250924
- nixpkgs-25.11-darwin 6.15.14+250924
pkgs.python312Packages.survey
Simple library for creating beautiful interactive prompts
pkgs.python313Packages.survey
Simple library for creating beautiful interactive prompts
pkgs.python314Packages.survey
Simple library for creating beautiful interactive prompts
pkgs.haskellPackages.gogol-surveys
Google Surveys SDK
pkgs.libsForQt5.kde-inotify-survey
Tooling for monitoring inotify limits and informing the user when they have been or about to be reached
pkgs.kdePackages.kde-inotify-survey
Tooling for monitoring inotify limits and informing the user when they have been or about to be reached.
pkgs.plasma5Packages.kde-inotify-survey
Tooling for monitoring inotify limits and informing the user when they have been or about to be reached
Package maintainers
-
@K900 Ilya K. <me@0upti.me>
-
@peterhoeg Peter Hoeg <peter@hoeg.com>
-
@SCOTT-HAMILTON Scott Hamilton <sgn.hamilton@protonmail.com>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@FRidh Frederik Rietdijk <fridh@fridh.nl>
-
@nyanloutre Paul Trehiou <paul@nyanlout.re>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@bkchr Bastian Köcher <nixos@kchr.de>
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
-
@SFrijters Stefan Frijters <sfrijters@gmail.com>