Description

Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.

Remediation

References

CVE-2024-28710

Related Vulnerabilities

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-16780)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-3734)

TYPO3 Improper Input Validation Vulnerability (CVE-2009-0258)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10097)

WordPress Plugin Easy2Map Multiple SQL Injection Vulnerabilities (1.2.4)

Severity

Medium

Classification

CVE-2024-28710 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities