LimeSurvey 2.72.3 - Persistent XSS to Code Execution

See RIPS Scan Report Unauthenticated Persistent Cross-Site Scripting LimeSurvey 2.72.3 is prone to a persistent cross-site scripting vulnerability which is exploitable through the unauthenticated perspective. When submitting a public survey, the Continue Later feature allows users to save their...

Nextcloud: Reflected XSS in U2F plugin by shipping the example endpoints

While running a RIPS scan against our instrumentalized source code it noticed that the file /apps/twofactoru2f/vendor/yubico/u2flib-server/examples/localstorage/index.php echoes on user input: F145451 I was first a tad confused because the examples have been removed from our Git repository, but t...