Description

LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,

Remediation

References

CVE-2019-16173

Related Vulnerabilities

MySQL CVE-2013-5860 Vulnerability (CVE-2013-5860)

WordPress Plugin Custom Sidebars-Dynamic Widget Area Manager Multiple Vulnerabilities (3.0.8)

Moodle DEPRECATED: Code Vulnerability (CVE-2015-2270)

Microsoft SQL Server Other Vulnerability (CVE-2001-0879)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-5095)

Severity

Medium

Classification

CVE-2019-16173 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities