Description
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.
Remediation
References
Related Vulnerabilities
WordPress Plugin EventCommerce WP Event Calendar Cross-Site Scripting (1.0)
WordPress Plugin Feedweb Cross-Site Scripting (1.8.8)
Joomla Improper Input Validation Vulnerability (CVE-2020-11890)
Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7)
WordPress Plugin Integration for Contact Form 7 and ActiveCampaign Cross-Site Scripting (1.0.3)