Description
A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.
Remediation
References
Related Vulnerabilities
SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946)
PHP Resource Management Errors Vulnerability (CVE-2010-1917)
IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4660)
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38024)
WordPress Plugin Keep Backup Daily Cross-Site Scripting (2.0.2)