Description

Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Remediation

References

CVE-2014-5018

Related Vulnerabilities

Ruby Improper Input Validation Vulnerability (CVE-2011-4815)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.3)

WordPress Plugin Sliding Recent Posts Cross-Site Request Forgery (1.0)

WordPress Plugin Facebook Page Feed Timeline Cross-Site Scripting (1.0)

ownCloud Resource Management Errors Vulnerability (CVE-2015-6500)

Severity

Medium

Classification

CVE-2014-5018

Tags

Missing Update Known Vulnerabilities