Cross-site scripting (XSS) vulnerability in LimeSurvey version 3.15.5 allows for Javascript code execution against LimeSurvey administrators

Cross-site scripting (XSS) vulnerability in LimeSurvey version 3.15.5 allows for Javascript code execution against LimeSurvey administrators

CVE-2018-20322 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.

Learn more about our Web Application Penetration Testing UK.