Description
LimeSurvey before v3.17.14 is affected by a stored XSS vulnerability that allows privilege escalation from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group whose title contains JavaScript, which is mishandled upon group deletion.
Remediation
References