Description

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

Remediation

References

CVE-2011-5256

Related Vulnerabilities

Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-8780)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5320)

WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)

Oracle Database Server CVE-2011-0830 Vulnerability (CVE-2011-0830)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3742)

Severity

Low

Classification

CVE-2011-5256 CWE-707

Tags

Missing Update Known Vulnerabilities