Description
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
Remediation
References
Related Vulnerabilities
MySQL CVE-2015-2620 Vulnerability (CVE-2015-2620)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7330)
WordPress Plugin Participants Database SQL Injection (1.5.4.8)
WordPress Plugin Homepage SlideShow Arbitrary File Upload (2.3)
Joomla Incorrect Authorization Vulnerability (CVE-2010-1435)