CVE-2018-1000513
LimeSurvey 3.0.0-beta.3+17110 contains an XSS in Boxes that can execute JavaScript in admin sessions. The vulnerability arises from the program failing to filter the Destination parameter and could be exploited remotely; it is stated to be fixed in 3.6.x. Connected sources corroborate the XSS imp...