CVE-2018-20322

LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
References
Link Resource
https://github.com/LimeSurvey/LimeSurvey/commit/bfee69edaa0b90f97dc2d8fab09a87958cb32405 Patch Third Party Advisory
https://bugs.limesurvey.org/view.php?id=14376 Issue Tracking Permissions Required Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*

Information

Published : 2018-12-21 15:29

Updated : 2019-03-18 08:25


NVD link : CVE-2018-20322

Mitre link : CVE-2018-20322


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

limesurvey

  • limesurvey