Description
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
Remediation
References
Related Vulnerabilities
WordPress Plugin Frontend Uploader Cross-Site Scripting (1.3.2)
Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743)
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3231)
MySQL CVE-2022-21290 Vulnerability (CVE-2022-21290)
Atlassian Confluence CVE-2023-22503 Vulnerability (CVE-2023-22503)