Description
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.
Remediation
References
Related Vulnerabilities
WordPress Plugin Resize Image After Upload Cross-Site Request Forgery (1.8.5)
WordPress Plugin NextGEN Gallery-WordPress Gallery Local File Inclusion (2.1.7)
WordPress Plugin Link Library SQL Injection (5.9.13.26)
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.226)
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7872)