Security Advisory

CVE-2018-10228

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-14 18:31:22

Last updated 2024-08-05 07:32:01

Assigner mitre

State PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.

← Browse all CVEs View on cve.org ↗