Security Advisory

CVE-2018-10228

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-12-14 18:31:22
Last updated 2026-07-09 00:09:22
Assigner mitre
State PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.