CVE-2019-16173

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-16173
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16173.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-16173
Aliases
Published
2019-09-09T19:15:11.283Z
Modified
2026-03-20T11:29:25.973506Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/SurveyCommonAction.php,

References

Affected packages

Git / github.com/limesurvey/limesurvey

Affected ranges

Type
GIT
Repo
https://github.com/limesurvey/limesurvey
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8820d9619e8f6bdc773e1d12abd670e64ae98ccb
Fixed
f1c1ad2d24eb262363511fcca2e96ce737064006
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.17.4"
        }
    ]
}

Affected versions

1.*
1.45a
1.45a_2007-02-24
1.50_2007-08-06
1.53_2007-11-01
1.70_2008-02-25
1.70_plus_2008-03-09
1.70_plus_2008-03-16
1.70_plus_2008-03-17
1.70_plus_2008-03-30
1.70_plus_2008-04-07
1.70_plus_2008-04-14
1.70_plus_2008-04-21
1.70_plus_2008-04-28
1.70_plus_2008-05-05
1.70_plus_2008-05-12
1.70_plus_2008-05-19
1.70_plus_2008-05-21
1.70_plus_2008-05-26
1.71_plus_2008-06-12
1.71_plus_2008-06-17
1.71_plus_2008-06-30
1.71_plus_2008-07-07
1.71_plus_2008-07-15
1.71_plus_2008-07-30
1.71_plus_2008-08-05
1.71_plus_2008-08-15
1.71_plus_2008-08-27
1.71_plus_2008-09-01
1.71_plus_2008-09-08
1.71_plus_2008-09-15
1.71_plus_2008-09-22
1.71_plus_2008-09-29
1.72_2008-10-07
1.80_2009-03-09
1.80_plus_2009-03-23
1.80_plus_2009-03-30
1.80_plus_2009-04-06
1.81_2009-04-10
1.81_plus_2009-04-16
1.81_plus_2009-04-20
1.82_2009-04-29
1.82_plus_2009-05-04
1.82_plus_2009-05-11
1.85_2009-06-15
1.85_plus_2009-06-22
1.85_plus_2009-06-29
1.85_plus_2009-07-08
1.85_plus_2009-07-20
1.85_plus_2009-08-03
1.85_plus_2009-08-10
1.85_plus_2009-08-12
1.85_plus_2009-08-19
1.85_plus_2009-08-24
1.85_plus_2009-08-31
1.85_plus_2009-09-07
1.85_plus_2009-09-15
1.85_plus_2009-09-21
1.85_plus_2009-09-28
1.86_2009-09-30
1.87_2009-12-29
1.87_plus_2010-01-05
1.87_plus_2010-01-12
1.87_plus_2010-01-19
1.87_plus_2010-01-26
1.87_plus_2010-02-02
1.87_plus_2010-02-09
1.87_plus_2010-02-11
1.87_plus_2010-02-16
1.87_plus_2010-02-23
1.87_plus_2010-03-02
1.87_plus_2010-03-09
1.87_plus_2010-03-18
1.87_plus_2010-03-23
1.90_plus_2010-08-10
1.90_plus_2010-08-17
1.90_plus_2010-08-24
1.90_plus_2010-09-07
1.90_plus_2010-09-14
1.90_plus_2010-09-29
1.90_plus_2010-10-05
1.90_plus_2010-10-12
1.90_plus_2010-10-13
1.90_plus_2010-10-19
1.90_plus_2010-10-20
1.90_plus_2010-10-23
1.90_plus_2010-10-26
1.90_plus_2010-11-03
1.90_plus_2010-11-09
1.90_plus_2010-11-16
1.90_plus_2010-11-23
1.90_plus_2010-11-30
1.90_plus_2010-12-07
1.90_plus_2010-12-14
1.90_plus_2011-01-25
1.91RC3
1.91_2011-05-03
1.91_plus_10232
1.91_plus_10315
1.91_plus_2011-05-10
1.91_plus_2011-05-12
1.91_plus_2011-05-17
1.91_plus_2011-05-25
1.91_plus_2011-06-01
1.91_plus_2011-06-05
1.91_plus_2011-06-08
1.91_plus_2011-06-15
1.91_plus_2011-06-21
1.91_plus_2011-06-29
1.91_plus_2011-07-08
1.91_plus_2011-07-11
1.91_plus_2011-07-12
1.91_plus_2011-07-22
1.91_plus_2011-07-28
1.91_plus_2011-08-03
1.91_plus_2011-08-05
1.91_plus_2011-08-10
1.91_plus_2011-08-11
1.91_plus_2011-08-16
1.91_plus_2011-08-26
1.91_plus_2011-09-06
1.91_plus_2011-09-20
1.91_plus_2011-09-21
1.91_plus_2011-10-05
1.91_plus_2011-10-14
1.91_plus_2011-10-20
1.91_plus_2011-10-21
1.91_plus_2011-11-08
1.91_plus_2011-11-16
1.91_plus_2011-12-30
1.91_plus_2012-01-23
1.91_plus_2012-02-05
1.91_plus_2012-02-09
1.91_plus_2012-02-24
1.91_plus_2012-03-02
1.92RC1
1.92RC2
1.92RC3
1.92RC4
1.92RC5
1.92_120303
1.92_plus_120311
1.92_plus_120314
1.92_plus_120319
1.92_plus_120323
1.92_plus_120325
1.92_plus_120330
1.92_plus_120405
1.92_plus_120412
1.92_plus_120418
1.92_plus_120425
1.92_plus_120501
1.92_plus_120509
1.92_plus_120516
1.92_plus_120517
1.92_plus_120526
1.92_plus_120529
1.92_plus_120530
1.92_plus_120607
1.92_plus_120608
1.92_plus_120613
1.92_plus_120620
1.92_plus_120623
1.92_plus_120704
1.92_plus_120711
1.92_plus_120718
1.92_plus_120725
1.92_plus_120801
1.92_plus_120815
1.92_plus_120822
1.92_plus_120909
1.92_plus_120919
2.*
2.00RC1_120510
2.00RC2_120528
2.00RC2_1205621
2.00RC3_1205621
2.00RC4_1205622
2.00RC5_120719
2.00RC7_120721
2.00RC8_120803
2.00RC9_120816
2.00_120920
2.00_120926
2.00_plus_120924
2.00_plus_120926
2.00_plus_120930
2.00_plus_120931
2.00_plus_121002
2.00_plus_121005
2.00_plus_121006
2.00_plus_121009
2.00_plus_121011
2.00_plus_121013
2.00_plus_121014
2.00_plus_121016
2.00_plus_121017
2.00_plus_121019
2.00_plus_121024
2.00_plus_121025
2.00_plus_121030
2.00_plus_121031
2.00_plus_121101
2.00_plus_121102
2.00_plus_121104
2.00_plus_121106
2.00_plus_121113
2.00_plus_121114
2.00_plus_121115
2.00_plus_121116
2.00_plus_121117
2.00_plus_121120
2.00_plus_121121
2.00_plus_121127
2.00_plus_121204
2.00_plus_121207
2.00_plus_121208
2.00_plus_121209
2.00_plus_121211
2.00_plus_121213
2.00_plus_121220
2.00_plus_121231
2.00_plus_130103
2.00_plus_130108
2.00_plus_130110
2.00_plus_130115
2.00_plus_130116
2.00_plus_130122
2.00_plus_130129
2.00_plus_130206
2.00_plus_130213
2.00_plus_130219
2.00_plus_130226
2.00_plus_130305
2.00_plus_130311
2.00_plus_130317
2.00_plus_130325
2.00_plus_130406
2.00_plus_130423
2.00_plus_130428
2.00_plus_130513
2.00_plus_130514
2.00_plus_130526
2.00_plus_130611
2.00_plus_130708
2.00_plus_130802
2.00_plus_130913
2.00_plus_130923
2.00_plus_130929
2.00_plus_131009
2.00_plus_131022
2.00_plus_131031
2.00_plus_131107
2.00_plus_131122
2.00_plus_131202
2.00_plus_131206
2.00a2_120312
2.00a3_120315
2.00b1_120406
2.05RC1_130924
2.05RC2
2.05RC3_131023
2.05RC4_131024
2.05RC5_131030
2.05RC6_131105
2.05_131209
2.05_beta_1
2.05_beta_2
2.05_beta_3
2.05_beta_4
2.05_beta_5
2.05_beta_6
2.05_plus_131219
2.05_plus_140109
2.05_plus_140116
2.05_plus_140125
2.05_plus_140131
2.05_plus_140204
2.05_plus_140212
2.05_plus_140216
2.05_plus_140217
2.05_plus_140226
2.05_plus_140302
2.05_plus_140317
2.05_plus_140320
2.05_plus_140404
2.05_plus_140414
2.05_plus_140422
2.05_plus_140502
2.05_plus_140520
2.05_plus_140611
2.05_plus_140612
2.05_plus_140618
2.05_plus_140703
2.05_plus_140717
2.05_plus_140730
2.05_plus_140811
2.05_plus_140902
2.05_plus_140911
2.05_plus_140915
2.05_plus_141003
2.05_plus_141020
2.05_plus_141109
2.05_plus_141110
2.05_plus_141113
2.05_plus_141123
2.05_plus_141126
2.05_plus_141210
2.05_plus_141229
2.05_plus_150211
2.05_plus_150310
2.05_plus_150413
2.05_plus_150508
2.05_plus_150520
2.06RC1_150507
2.06RC2_150511
2.06_alpha_1
2.06_alpha_2
2.06_plus_150611
2.06_plus_150612
2.06_plus_150619
2.06_plus_150629
2.06_plus_150723
2.06_plus_150729
2.06_plus_150730
2.06_plus_150731
2.06_plus_150812
2.06_plus_150824
2.06_plus_150825
2.06_plus_150831
2.06_plus_150911
2.06_plus_150930
2.06_plus_151014
2.06_plus_151016
2.06_plus_151018
2.06_plus_151109
2.06_plus_151126
2.06_plus_151205
2.06_plus_151215
2.06_plus_160121
2.06_plus_160123
2.06_plus_160129
2.50.1_160823
2.50RC1_151005
2.50RC2_151008
2.50RC3_151203
2.50RC4_151204
2.50RC5_151207
2.50RC6_160108
2.50RC7_160121
2.50RC8_160131
2.50_plus_160202
2.50_plus_160204
2.50_plus_160206
2.50_plus_160210
2.50_plus_160212
2.50_plus_160213
2.50_plus_160215
2.50_plus_160216
2.50_plus_160217
2.50_plus_160218
2.50_plus_160219
2.50_plus_160222
2.50_plus_160223
2.50_plus_160225
2.50_plus_160228
2.50_plus_160307
2.50_plus_160308
2.50_plus_160309
2.50_plus_160310
2.50_plus_160311
2.50_plus_160314
2.50_plus_160316
2.50_plus_160317
2.50_plus_160323
2.50_plus_160330
2.50_plus_160401
2.50_plus_160404
2.50_plus_160405
2.50_plus_160407
2.50_plus_160408
2.50_plus_160411
2.50_plus_160412
2.50_plus_160413
2.50_plus_160414
2.50_plus_160415
2.50_plus_160418
2.50_plus_160421
2.50_plus_160425
2.50_plus_160426
2.50_plus_160428
2.50_plus_160430
2.50_plus_160503
2.50_plus_160504
2.50_plus_160506
2.50_plus_160512
2.50_plus_160516
2.50_plus_160517
2.50_plus_160523
2.50_plus_160525
2.50_plus_160526
2.50_plus_160529
2.50_plus_160602
2.50_plus_160603
2.50_plus_160606
2.50_plus_160613
2.50_plus_160614
2.50_plus_160616
2.50_plus_160620
2.50_plus_160714
2.50_plus_160715
2.50_plus_160718
2.50_plus_160725
2.50_plus_160726
2.50_plus_160727
2.50_plus_160728
2.50_plus_160731
2.50_plus_160804
2.50_plus_160810
2.50_plus_160812
2.50_plus_160816
2.50_plus_160817
2.51.0_160829
2.51.1_160901
2.51.2_160906
2.51.3_160907
2.51.4+160908
2.51.4_160908
2.52+160929
2.53+161004
2.54+161007
2.54.1+161010
2.54.2+161012
2.54.3+161014
2.54.4+161018
2.54.5+161019
2.55+161021
2.55.1+161026
2.55.2+161103
2.55.3+161111
2.56+161117
2.56.1+161118
2.57.0+161202
2.57.1+161205
2.58.0+170104
2.58.1+170113
2.58.2+170114
2.59.0+170115
2.59.1+170116
2.62.0+170124
2.62.1+170130
2.62.2+170203
2.63.0+170304
2.63.1+170305
2.64.0+170307
2.64.1+170310
2.64.2+170324
2.64.3+170327
2.64.4+170330
2.64.5+170331
2.64.6+170332
2.64.7+170404
2.65.0+170502
2.65.0+170522
2.65.1+170522
2.65.2+170606
2.65.3+170607
2.65.4+170612
2.65.5+170613
2.65.6+170615
2.66.6+170619
2.67.0+170622
2.67.1+170626
2.67.2+170719
2.67.2+170728
2.67.3+170728
2.70.0+170921
2.71.0+170925
2.71.1+170927
2.72.0+171010
2.72.1+171012
2.72.2+171017
2.72.3+171020
2.72.4+171110
2.72.5+171121
2.72.6+171207
2.73.0+171219
2.73.1+171220
2.91_plus_10315
3.*
3.0.0+171222
3.0.0-RC.1
3.0.0-RC.2+171102
3.0.0-RC.3+171114
3.0.0-beta.1+170720
3.0.0-beta.2+170810
3.0.0-beta.3+170914
3.0.1+171228
3.0.2+180110
3.0.3+180112
3.0.4+180116
3.0.5+180118
3.1.0
3.1.1+180130
3.10.0+180611
3.11.0+180612
3.12.0+180615
3.12.1+180616
3.12.2+180625
3.12.3+180627
3.13.0+180628
3.13.1+180629
3.13.2+180709
3.14.0+180730
3.14.1+180731
3.14.10+180924
3.14.10+180926
3.14.11+180926
3.14.2+180807
3.14.4+180810
3.14.5+180815
3.14.6+180821
3.14.7+180827
3.14.8+180829
3.14.9+180917
3.15.0+181008
3.15.1+181017
3.15.2+181107
3.15.3+181108
3.15.4+181109
3.15.5+181115
3.15.6+190108
3.15.7+190124
3.15.8+190130
3.15.9+190214
3.16.1+190225
3.16.1+190314
3.17.0+190402
3.17.1+190408
3.17.3+190429
3.2.0+180206
3.2.1+180207
3.3.0+180209
3.3.1
3.4.0+180219
3.4.1+180221
3.4.2+180223
3.4.3+180227
3.4.4+180305
3.5.0+180309
3.5.1+180312
3.5.2+180315
3.5.3+180316
3.5.4+180320
3.6.0+180328
3.6.1+180329
3.6.2+180406
3.6.3+180416
3.7.0+180418
3.7.1+180424
3.7.2+180508
3.7.3+180516
3.8.0+180522
3.8.1+180524
3.8.2+180529
3.9.0+180604

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-16173.json"