Description
A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Digital Downloads Attach Accounts to Orders Cross-Site Scripting (2.0.1)
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)
PostgreSQL Numeric Errors Vulnerability (CVE-2007-4769)
Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.3)
Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)