Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information.
CPE | Name | Operator | Version |
---|---|---|---|
limesurvey | eq | 1.80.0 | |
limesurvey | eq | 1.72 | |
limesurvey | eq | 1.85 | |
limesurvey | eq | 1.53.0 | |
limesurvey | eq | <= 1.91 | |
limesurvey | eq | 1.52 | |
limesurvey | eq | 1.87.0 | |
limesurvey | eq | 1.86 | |
limesurvey | eq | 1.90.0 | |
limesurvey | eq | 1.81.0 |