5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
19.4%
A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page.
github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R39
www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released