Vulnerability Description
A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limesurvey | Limesurvey | < 3.17.14 |
Related Weaknesses (CWE)
References
- https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c7PatchRelease NotesThird Party Advisory
- https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-1909Release NotesThird Party Advisory
- https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c7PatchRelease NotesThird Party Advisory
- https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-1909Release NotesThird Party Advisory
FAQ
What is CVE-2019-16178?
CVE-2019-16178 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of a...
How severe is CVE-2019-16178?
CVE-2019-16178 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16178?
Check the references section above for vendor advisories and patch information. Affected products include: Limesurvey Limesurvey.