Description
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0703)
IBM WebSEAL Incorrect Authorization Vulnerability (CVE-2023-38368)
WordPress Plugin Per page add to head Cross-Site Scripting (1.4.4)
Joomla! Core 1.5.x Multiple Cross-Site Scripting Vulnerabilities (1.5.0 - 1.5.20)