Description
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
Remediation
References
Related Vulnerabilities
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-9591)
WordPress Plugin Event Single Page Templates Addon For The Events Calendar Security Bypass (1.5)
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2023-28625)
WordPress Plugin VikBooking Hotel Booking Engine & PMS Multiple Vulnerabilities (1.5.3)