Description Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. Remediation References CVE-2019-16179 Related Vulnerabilities WordPress Plugin Calendar Event Multi View Multiple SQL Injection Vulnerabilities (1.1.7) Apache Tomcat version older than 7.0.32 WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Multiple Unspecified Vulnerabilities (4.2) Oracle JRE CVE-2014-0452 Vulnerability (CVE-2014-0452) WordPress Plugin Pardakht Delkhah Cross-Site Scripting (2.9.2) Severity Medium Classification CVE-2019-16179 CWE-295 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Tags Missing Update Known Vulnerabilities