LimeSurvey 3.14.7: HTML Injection and Stored XSS Vulnerability in Appendix via surveyls_title Parameter
CVE-2018-17003 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
Learn more about our Web Application Penetration Testing UK.