Description In Limesurvey before 3.17.14, admin users can mark other users' notifications as read. Remediation References CVE-2019-16181 Related Vulnerabilities jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312) Oracle Application Server CVE-2008-1824 Vulnerability (CVE-2008-1824) WordPress Plugin BA Book Everything Cross-Site Scripting (1.3.24) WordPress Plugin Cleeng-Sell your videos Cross-Site Scripting (2.3.2) WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17672) Severity Low Classification CVE-2019-16181 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Tags Missing Update Known Vulnerabilities