Description Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. Remediation References CVE-2019-16179 Related Vulnerabilities Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-5475) WordPress Plugin Client Invoicing by Sprout Invoices-Easy Estimates and Invoices for WordPress Cross-Site Scripting (6.1) Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-3872) WordPress Plugin Cookie Information-Free GDPR Consent Solution Security Bypass (2.0.22) MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4552) Severity Medium Classification CVE-2019-16179 CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities