GHSA-fr47-r224-c36m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fr47-r224-c36m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fr47-r224-c36m/GHSA-fr47-r224-c36m.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-fr47-r224-c36m
- Aliases
- Published
- 2022-05-24T16:55:43Z
- Modified
- 2023-11-01T04:50:35.426890Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting in LimeSurvey
- Details
-
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.
- Database specific
{ "github_reviewed": true, "severity": "MODERATE", "nvd_published_at": "2019-09-09T19:15:00Z", "github_reviewed_at": "2023-02-14T00:28:19Z", "cwe_ids": [ "CWE-79" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-16172
- https://github.com/LimeSurvey/LimeSurvey/commit/32d6a5224327b246ee3a2a08500544e4f80f9a9a
- https://seclists.org/bugtraq/2019/Sep/27
- https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
- http://packetstormsecurity.com/files/154479/LimeSurvey-3.17.13-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2019/Sep/22
Affected packages
Packagist / limesurvey/limesurvey
Package
- Name
- limesurvey/limesurvey
- Purl
- pkg:composer/limesurvey/limesurvey
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.17.14
Affected versions
2.*
2.2.5
2.65.2+170606
2.65.3+170607
2.65.4+170612
2.65.5+170613
2.65.6+170615
2.66.6+170619
2.67.0+170622
2.67.1+170626
2.67.2+170728
2.67.3+170728
2.70.0+170921
2.71.0+170925
2.71.1+170927
2.72.0+171010
2.72.1+171012
2.72.2+171017
2.72.3+171020
2.72.4+171110
2.72.5+171121
2.72.6+171207
2.73.0+171219
2.73.1+171220
3.*
3.0.0-beta.1+170720
3.0.0-beta.2+170810
3.0.0-beta.3+170914
3.0.0-RC.1
3.0.0-RC.2+171102
3.0.0-RC.3+171114
3.0.0+171222
3.0.1+171228
3.0.2+180110
3.0.3+180112
3.0.4+180116
3.0.5+180118
3.1.0
3.1.1+180130
3.2.0+180206
3.2.1+180207
3.3.0+180209
3.3.1
3.4.0+180219
3.4.1+180221
3.4.2+180223
3.4.3+180227
3.4.4+180305
3.5.0+180309
3.5.1+180312
3.5.2+180315
3.5.3+180316
3.5.4+180320
3.6.0+180328
3.6.1+180329
3.6.2+180406
3.6.3+180416
3.7.0+180418
3.7.1+180424
3.7.2+180508
3.7.3+180516
3.8.0+180522
3.8.1+180524
3.8.2+180529
3.9.0+180604
3.10.0+180611
3.11.0+180612
3.12.0+180615
3.12.1+180616
3.12.2+180625
3.12.3+180627
3.13.0+180628
3.13.1+180629
3.13.2+180709
3.14.0+180730
3.14.1+180731
3.14.2+180807
3.14.4+180810
3.14.5+180815
3.14.6+180821
3.14.7+180827
3.14.8+180829
3.14.9+180917
3.14.10+180926
3.14.11+180926
3.15.0+181008
3.15.1+181017
3.15.2+181107
3.15.3+181108
3.15.4+181109
3.15.5+181115
3.15.6+190108
3.15.7+190124
3.15.8+190130
3.15.9+190214
3.16.1+190314
3.17.0+190402
3.17.1+190408
3.17.3+190429
3.17.4+190529
3.17.5+190604
3.17.6+190624
3.17.7+190627
3.17.8+190722
3.17.9+190731
3.17.10+190821
3.17.11+190822
3.17.12+190823
3.17.13+190824