First published: Wed Aug 05 2020
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Limesurvey Limesurvey | =4.3.2 | |
https://github.com/LimeSurvey/LimeSurvey/pull/1479/commits/4109a8d157e46c48ca34b995ef61a6e0f6905236
The vulnerability ID for this vulnerability is CVE-2020-16192.
CVE-2020-16192 has a severity keyword of 'medium' and a severity value of 6.1.
CVE-2020-16192 allows reflected XSS in LimeSurvey 4.3.2.
The affected software version of CVE-2020-16192 is LimeSurvey 4.3.2.
To fix CVE-2020-16192, the code in application/controllers/LSBaseController.php should be updated to validate parameters.