CVE-2019-16182

2019-09-0921:15:11

Google

osv.dev

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.1%

JSON

A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.

CPENameOperatorVersion
limesurveyeq1.71_plus_2008-07-15
limesurveyeq2.00_plus_121231
limesurveyeq3.14.10+180924
limesurveyeq3.15.0+181008
limesurveyeq2.06_plus_150831
limesurveyeq1.92_plus_120608
limesurveyeq2.06_plus_150723
limesurveyeq2.70.0+170921
limesurveyeq2.05_beta_2
limesurveyeq2.50_plus_160613

Name	Operator	Version
limesurvey	eq	1.71_plus_2008-07-15
limesurvey	eq	2.00_plus_121231
limesurvey	eq	3.14.10+180924
limesurvey	eq	3.15.0+181008
limesurvey	eq	2.06_plus_150831
limesurvey	eq	1.92_plus_120608
limesurvey	eq	2.06_plus_150723
limesurvey	eq	2.70.0+170921
limesurvey	eq	2.05_beta_2
limesurvey	eq	2.50_plus_160613