Description

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality.

Remediation

References

CVE-2014-5016

Related Vulnerabilities

WordPress Plugin Simple SEO Cross-Site Scripting (1.7.91)

Java Unspesificed Vulnerability (CVE-2019-2602)

WordPress CVE-2012-2399 Vulnerability (CVE-2012-2399)

silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12246)

WordPress Plugin Slider by 10Web-Responsive Image Slider Cross-Site Request Forgery (1.2.22)

Severity

Medium

Classification

CVE-2014-5016 CWE-707

Tags

Missing Update Known Vulnerabilities