10 matches found
CVE-2019-16172
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion...
Exploit for Cross-site Scripting in Limesurvey
CVE-2019-16172 The CVE-2019-16172 Scanner is designed to check...
LimeSurvey 3.17.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...
LimeSurvey < 3.17.14 Multiple Vulnerabilities
LimeSurvey is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
LimeSurvey 3.17.13 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...
CVE-2019-16172
creationtimestamp| type| source ---|---|--- 2019-09-13 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47386...
LimeSurvey 3.17.13 - Cross-Site Scripting
LimeSurvey 3.17.13 - Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172,...
LimeSurvey 3.17.13 - Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...
CVE-2019-16172
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion...
CVE-2019-16172
LimeSurvey is affected by CVE-2019-16172 (and related CVEs) via a stored XSS in versions prior to 3.17.14. The root cause is improper validation when creating a survey group, where the group title can contain JavaScript that is mishandled upon group deletion, allowing an attacker with low privile...