Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Limesurvey | Limesurvey | 2.05+ (including) | 2.05+ (including) |