Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey prior to 1.91+ Build 120224 allows remote malicious users to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
limesurvey limesurvey 1.87\\+ |
||
limesurvey limesurvey 1.86 |
||
limesurvey limesurvey 1.70\\+ |
||
limesurvey limesurvey 1.85 |
||
limesurvey limesurvey 1.82\\+ |
||
limesurvey limesurvey 1.52 |
||
limesurvey limesurvey 1.50 |
||
limesurvey limesurvey 1.01 |
||
limesurvey limesurvey |
||
limesurvey limesurvey 1.90\\+ |
||
limesurvey limesurvey 1.72 |
||
limesurvey limesurvey 1.71\\+ |
||
limesurvey limesurvey 1.53\\+ |
||
limesurvey limesurvey 1.81\\+ |
||
limesurvey limesurvey 1.80\\+ |