First published: Fri Dec 21 2018
LimeSurvey version 3.15.5 contains a cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in JavaScript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | <=3.15.5 | Update to version 3.15.6 or later |
The vulnerability ID for the cross-site scripting (XSS) vulnerability in LimeSurvey is CVE-2018-20322.
The severity of CVE-2018-20322 is medium, with a severity value of 6.1.
The XSS vulnerability in LimeSurvey version 3.15.5 occurs in the Survey Resource zip upload, allowing JavaScript code execution against LimeSurvey administrators.
The XSS vulnerability in LimeSurvey can be fixed by updating to version 3.15.6 or later.
Additional information about CVE-2018-20322 can be found in the following references: [1](https://bugs.limesurvey.org/view.php?id=14376) [2](https://github.com/LimeSurvey/LimeSurvey/commit/bfee69edaa0b90f97dc2d8fab09a87958cb32405)