Description

Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-4995

Related Vulnerabilities

Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2020-9481)

WordPress Plugin AVK-Shop Multiple Cross-Site Scripting Vulnerabilities (1.1.1)

WordPress Plugin Rate my Post-WP Rating System Multiple Vulnerabilities (3.3.4)

WordPress Plugin Mikiurl WordPress Eklentisi Cross-Site Request Forgery (2.0)

Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0222)

Severity

Medium

Classification

CVE-2012-4995 CWE-707

Tags

Missing Update Known Vulnerabilities