First published: Fri Sep 21 2018
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | =3.14.7 | |
The vulnerability ID for this LimeSurvey vulnerability is CVE-2018-17003.
The severity of CVE-2018-17003 is medium with a CVSS score of 6.1.
The affected software for this vulnerability is LimeSurvey version 3.14.7.
CVE-2018-17003 is a combination of HTML Injection and Stored XSS vulnerabilities.
To fix CVE-2018-17003 in LimeSurvey, it is recommended to upgrade to a patched version of LimeSurvey.