Description
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
Remediation
References
Related Vulnerabilities
MySQL CVE-2022-21417 Vulnerability (CVE-2022-21417)
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3570)
Apache HTTP Server Other Vulnerability (CVE-2000-1206)
WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1831)