limesurvey is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the ‘changes_cp’ parameter in templatesavechanges() function, allowing a remote attacker to inject arbitrary web script or crafted HTML via URI.
CPE | Name | Operator | Version |
---|---|---|---|
limesurvey/limesurvey | le | 2018012401.x-dev | |
limesurvey/limesurvey | le | 2018012401.x-dev |