Description
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
Remediation
References