First published: Wed Oct 16 2019
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limesurvey Limesurvey | <=3.19.1 | |
The vulnerability ID for this XSS vulnerability in LimeSurvey is CVE-2019-17660.
The affected software is LimeSurvey, versions up to and including 3.19.1.
The severity level of CVE-2019-17660 is medium.
The attacker can exploit this vulnerability by injecting arbitrary web script or HTML via the 'tolang' parameter.
LimeSurvey has released patches to address this vulnerability. Updating to the latest version of LimeSurvey (beyond 3.19.1) will fix the issue.
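To review web server access logs for requests that put something other than a language code into the translate route's `lang` segment or a `tolang` query parameter, the following added example can be used; it is not part of the original advisory and is not LimeSurvey code. The language-code pattern, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate language codes look like "en", "pt-BR", "de-informal".
LANG_CODE = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z0-9]{1,16})*")
# Translate route quoted in the advisory; everything after /lang/ is inspected.
ROUTE = re.compile(r"/admin/translate/sa/index/surveyid/\d+/lang/(?P<lang>.*)")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_lang_values(target):
    """Return decoded language values in a request target that are not plain codes."""
    parts = urlsplit(target)
    candidates = []
    m = ROUTE.search(parts.path)
    if m:
        candidates.append(m.group("lang"))
    # Assumption: tolang may also arrive as a query-string parameter.
    candidates += parse_qs(parts.query, keep_blank_values=True).get("tolang", [])
    bad = []
    for raw in candidates:
        value = unquote(unquote(raw)).strip("/")  # extra passes catch double encoding
        if value and not LANG_CODE.fullmatch(value):
            bad.append(value)
    return bad

def scan(lines):
    """Return (line_number, values) for log lines carrying a non-code language value."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        bad = suspicious_lang_values(m.group("target")) if m else []
        if bad:
            hits.append((n, bad))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '203.0.113.5 - - [16/Oct/2019:10:00:01 +0000] "GET /index.php/admin/translate/sa/index/surveyid/336819/lang/de HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Oct/2019:10:00:07 +0000] "GET /index.php/admin/translate/sa/index/surveyid/336819/lang/de%22%3E%3Cb%3Ex HTTP/1.1" 200 5200',
    '203.0.113.5 - - [16/Oct/2019:10:00:09 +0000] "GET /index.php/admin/translate/sa/index/surveyid/336819?tolang=pt-BR HTTP/1.1" 200 5100',
    '203.0.113.9 - - [16/Oct/2019:10:00:12 +0000] "GET /index.php/admin/translate/sa/index/surveyid/336819/lang/en?tolang=fr%253Cb%253E HTTP/1.1" 200 5100',
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE):
        print(f"line {n}: unexpected language value(s) {bad}")
```

Hits are leads for review rather than proof of exploitation: a flagged request shows only that markup-like input reached the route, so check whether the instance was still on 3.19.1 or earlier at that time.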