Security Advisory

CVE-2019-16172

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-09-09 18:23:53

Last updated 2024-08-05 01:10:41

Assigner mitre

State PUBLISHED

Description

LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.

← Browse all CVEs View on cve.org ↗