Description
Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.
Remediation
References
Related Vulnerabilities
WordPress Plugin Essential Real Estate Cross-Site Scripting (1.7.0)
WordPress Plugin ImageMagick Engine Cross-Site Request Forgery (1.7.4)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7317)
IBM RTC Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0748)
WordPress Plugin Slider Hero with Animation, Video Background Unspecified Vulnerability (5.5.0)