Description
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2020-2654 Vulnerability (CVE-2020-2654)
WordPress Plugin Simple Link Directory Cross-Site Scripting (7.3.4)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2107)
WordPress Plugin WP Statistics SQL Injection (12.6.6.1)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2484)