Description

Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Remediation

References

CVE-2014-5018

Related Vulnerabilities

Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-4094)

WordPress Plugin Watu Quiz Cross-Site Scripting (3.1.2.4)

silverstripeCMS Session Fixation Vulnerability (CVE-2022-24444)

WordPress Plugin Carousel slideshow 'swfupload.swf' Cross-Site Scripting (3.10)

WordPress Plugin uCare-Support Ticket System Cross-Site Scripting (1.2.1)

Severity

Medium

Classification

CVE-2014-5018

Tags

Missing Update Known Vulnerabilities