Skip to main content

Limesurvey CVE-2019-16178

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2019-09-09 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 09, 2019 - 21:15 nvd
MEDIUM 5.4

DescriptionNVD

A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page.

AnalysisAI

A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page. Affected products include: Limesurvey. Version information: before 3.17.14.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-11455 CRITICAL POC
9.8 Apr 01

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileM

CVE-2019-9960 CRITICAL POC
9.8 Mar 24

The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relati

CVE-2018-17057 CRITICAL POC
9.8 Sep 14

An issue was discovered in TCPDF before 6.2.22. Rated critical severity (CVSS 9.8), this vulnerability is remotely explo

CVE-2024-42902 HIGH POC
8.8 Sep 03

An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via

CVE-2024-39063 HIGH POC
8.8 Jul 09

Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerabi

CVE-2012-4927 HIGH POC
7.5 Sep 15

SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attack

CVE-2014-5017 HIGH POC
7.5 Jul 21

SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 14

CVE-2022-43279 HIGH POC
7.2 Nov 15

LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/th

CVE-2024-24506 MEDIUM POC
6.1 Apr 03

Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attacke

CVE-2021-42112 MEDIUM POC
6.1 Oct 08

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.

CVE-2019-17660 MEDIUM POC
6.1 Oct 16

A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier

CVE-2025-56422 CRITICAL
9.8 Mar 10

LimeSurvey before v6.15.0 has an insecure deserialization enabling remote code execution through crafted survey data.

Share

CVE-2019-16178 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy