First published: Mon Mar 16 2020(Updated: )
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | =3.17.7\+190627 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this LimeSurvey vulnerability is CVE-2019-14512.
The severity of CVE-2019-14512 is medium with a CVSS score of 6.1.
LimeSurvey 3.17.7+190627 has XSS through Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
To fix the XSS vulnerability in LimeSurvey 3.17.7+190627, update to a version that includes the following commits: [commit link 1] and [commit link 2].
You can find more information about LimeSurvey on the official LimeSurvey website [website link].