Description

A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.

Remediation

References

CVE-2019-16182

Related Vulnerabilities

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3221)

Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9186)

GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)

e107 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-2416)

WordPress Plugin Easy Digital Downloads Attach Accounts to Orders Cross-Site Scripting (2.0.1)

Severity

Medium

Classification

CVE-2019-16182 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities