First published: Mon Sep 09 2019
A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | <3.17.14 | |
CVE-2019-16178 is a stored cross-site scripting (XSS) vulnerability found in Limesurvey before version 3.17.14.
CVE-2019-16178 allows authenticated users with correct permissions to inject arbitrary web script or HTML through the titles of admin box buttons on the home page.
The severity of CVE-2019-16178 is medium with a severity score of 5.4.
To fix CVE-2019-16178, you should update Limesurvey to version 3.17.14 or higher.
You can find more information about CVE-2019-16178 in the official release notes and GitHub commit of Limesurvey version 3.17.14.