Description

LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.

Remediation

References

CVE-2017-18358

Related Vulnerabilities

PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2008-0599)

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164)

Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9690)

Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)

Oracle Application Server CVE-2009-3412 Vulnerability (CVE-2009-3412)

Severity

Medium

Classification

CVE-2017-18358 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities