CVE Vulnerabilities

CVE-2014-5018

Published: Jul 21, 2014 | Modified: Jul 22, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Affected Software

Name Vendor Start Version End Version
Limesurvey Limesurvey 2.05+ (including) 2.05+ (including)

References