Description

LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.

Remediation

References

CVE-2017-18358

Related Vulnerabilities

Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)

PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)

Oracle JRE CVE-2013-2384 Vulnerability (CVE-2013-2384)

WordPress Plugin BuddyPress Members Only Cross-Site Scripting (1.8.3)

WordPress Plugin GS Portfolio for Envato Cross-Site Scripting (1.3.8)

Severity

Medium

Classification

CVE-2017-18358 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities