CVE-2020-16192

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...

PT-2020-14794 · Limesurvey · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey version 4.3.2 Description: The issue allows for reflected XSS due to a lack of validation for parameters in the application/controllers/LSBaseController.php file. Recommendations: For LimeSurvey version 4.3.2, consider adding...