Description

Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2012-4995

Related Vulnerabilities

PHP Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2018-19518)

WordPress Plugin File Groups 'fgid' Parameter SQL Injection (1.1.2)

Nexus Repository Manager Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-11415)

Joomla Improper Input Validation Vulnerability (CVE-2016-8870)

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4194)

Severity

Medium

Classification

CVE-2012-4995 CWE-707

Tags

Missing Update Known Vulnerabilities