Description
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
Remediation
References
Related Vulnerabilities
Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-32778)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9049)
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.36)
PostgreSQL Other Vulnerability (CVE-2006-5540)
Oracle JRE Cryptographic Issues Vulnerability (CVE-2012-5373)