Description
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
Remediation
References
Related Vulnerabilities
MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16780)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-3734)
TYPO3 Improper Input Validation Vulnerability (CVE-2009-0258)
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10097)
WordPress Plugin Easy2Map Multiple SQL Injection Vulnerabilities (1.2.4)