6 matches found
CVE-2019-16172
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion...
Exploit for Cross-site Scripting in Limesurvey
CVE-2019-16172 The CVE-2019-16172 Scanner is designed to check...
privilege escalation bug to creation survey-group with others group as parent
BUG ======= privilege escalation bug to creation survey-group with others group as parent\ ACCOUNT ============= 1. user-A -- superadmin\ 2. user-B -- normal user\ user-B has only create permission in survey-group . does not have view permission in survey group\ as user-B does not have view...
LimeSurvey Cross-Site Scripting Vulnerability (CNVD-2019-31351)
limesurvey is an open source online questionnaire program with multiple functions such as questionnaire design, modification, release, recovery and statistics. A stored cross-site scripting vulnerability exists in versions prior to Limesurvey 3.17.14. An attacker can exploit this vulnerability to...
Arbitrary file deletion
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion...
PT-2019-14552 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 3.17.14 Description: The issue allows for stored XSS, enabling an attacker to escalate privileges from a low-privileged account to a higher-privileged one, such as SuperAdmin. This is achieved by creating a survey...