Description

A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.

Remediation

References

CVE-2019-16182

Related Vulnerabilities

WordPress Plugin Easy Digital Downloads Attach Accounts to Orders Cross-Site Scripting (2.0.1)

Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)

PostgreSQL Numeric Errors Vulnerability (CVE-2007-4769)

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.3)

Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)

Severity

Medium

Classification

CVE-2019-16182 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities