Description

Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Remediation

References

CVE-2014-5018

Related Vulnerabilities

WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)

MySQL CVE-2022-21270 Vulnerability (CVE-2022-21270)

WordPress Plugin AccessAlly Information Disclosure (3.5.6)

TYPO3 Uncontrolled Recursion Vulnerability (CVE-2021-21359)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.7)

Severity

Medium

Classification

CVE-2014-5018

Tags

Missing Update Known Vulnerabilities