LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
References
Link | Resource |
---|---|
https://github.com/LimeSurvey/LimeSurvey/commit/0b7391dff91b326284ca3fc5188b768b5d522d88 | Patch Third Party Advisory |
https://github.com/LimeSurvey/LimeSurvey/commit/f2566f6978a77e3f0870079c45cda1c065a58a73 | Patch Third Party Advisory |
https://www.limesurvey.org/ | Vendor Advisory |
https://www.linkedin.com/in/michelecisternino/ | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-03-16 15:15
Updated : 2024-02-28 17:47
NVD link : CVE-2019-14512
Mitre link : CVE-2019-14512
CVE.ORG link : CVE-2019-14512
JSON object : View
Products Affected
limesurvey
- limesurvey
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')