Description
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to application/views/admin/globalSettings_view.php, or (3) a crafted CSV file to the "Import CSV" functionality.
Remediation
References
Related Vulnerabilities
WordPress Plugin Multicons [Multiple Favicons] Cross-Site Scripting (2.1)
MySQL CVE-2019-2632 Vulnerability (CVE-2019-2632)
WordPress Plugin YITH WooCommerce Ajax Product Filter Cross-Site Scripting (3.11.0)
WordPress Plugin Gallery-Video Gallery and Youtube Gallery Multiple Vulnerabilities (2.0.3)
WordPress Plugin Design Approval System Cross-Site Scripting (3.6)