Description

Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.

Remediation

References

CVE-2019-16179

Related Vulnerabilities

MongoDb CVE-2019-2390 Vulnerability (CVE-2019-2390)

WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.1.5)

WordPress Plugin Meks Flexible Shortcodes Cross-Site Scripting (1.3.4)

WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)

Oracle Application Server CVE-2006-0291 Vulnerability (CVE-2006-0291)

Severity

Medium

Classification

CVE-2019-16179 CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities