LimeSurvey 3.14.7: HTML Injection and Stored XSS Vulnerability in Appendix via surveyls_title Parameter

CVE-2018-17003 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.

Learn more about our Web Application Penetration Testing UK.