Cross site scripting

2021-12-1419:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

42.6%

JSON

Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.

CPENameOperatorVersion
limesurveyeq3.6.2 180406

CPE	Name	Operator	Version
	limesurvey	eq	3.6.2 180406

References

limesurvey.com

0.001 Low

EPSS

Percentile

42.6%

JSON

Related for PRION:CVE-2018-10228