Description

Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Remediation

References

CVE-2014-5018

Related Vulnerabilities

Python Credentials Management Errors Vulnerability (CVE-2019-10160)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-5515)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42220)

qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-26166)

WordPress Plugin Widget for Facebook Page Feeds Cross-Site Scripting (5.0)

Severity

Medium

Classification

CVE-2014-5018

Tags

Missing Update Known Vulnerabilities