Description

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

Remediation

References

CVE-2011-5256

Related Vulnerabilities

WordPress Plugin Codestyling Localization 'name' Parameter Cross-Site Scripting (1.99.19)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-2829)

MySQL CVE-2016-3486 Vulnerability (CVE-2016-3486)

XWiki Improper Handling of Insufficient Privileges Vulnerability (CVE-2024-21648)

phpBB URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-3880)

Severity

Low

Classification

CVE-2011-5256 CWE-707

Tags

Missing Update Known Vulnerabilities