Vulnerability Description
A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Limesurvey | Limesurvey | < 3.17.14 |
Related Weaknesses (CWE)
References
- https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c7PatchRelease NotesThird Party Advisory
- https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-1909Release NotesVendor Advisory
- https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c7PatchRelease NotesThird Party Advisory
- https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-1909Release NotesVendor Advisory
FAQ
What is CVE-2019-16182?
CVE-2019-16182 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.
How severe is CVE-2019-16182?
CVE-2019-16182 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-16182?
Check the references section above for vendor advisories and patch information. Affected products include: Limesurvey Limesurvey.