Description
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id] parameters to execute arbitrary JavaScript in administrative contexts.
Remediation
References
Related Vulnerabilities
Magento CVE-2019-8230 Vulnerability (CVE-2019-8230)
WordPress Plugin Browser Blocker Cross-Site Scripting (0.5.6)
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-26472)
WordPress Plugin Kama WP Smiles Unspecified Vulnerability (1.8.1)
WordPress Plugin Store Locator Plus for WordPress Open Email Relay (4.2.25)