CVE-2011-5256

2022-10-0316:15:12

mitre

www.cve.org

cross-site scripting

limesurvey

remote attackers

web script

html injection

survey results

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.0%

JSON

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

References

limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup

secunia.com/advisories/46831