First published: Tue Dec 14 2021
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limesurvey Limesurvey | =3.6.2-180406 | |
CVE-2018-10228 is a cross-site scripting (XSS) vulnerability in LimeSurvey 3.6.2+180406.
CVE-2018-10228 allows remote attackers to inject arbitrary web script or HTML. The vulnerable code is in /application/controller/admin/theme.php and is reached via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
The severity of CVE-2018-10228 is medium with a CVSS score of 6.1.
The XSS vulnerability in LimeSurvey can be exploited by sending malicious web script or HTML code in the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI, which reaches the vulnerable code in /application/controller/admin/theme.php.
Yes, LimeSurvey version 3.6.3 or later addresses the XSS vulnerability CVE-2018-10228.