Cross-Site Scripting Vulnerability in LimeSurvey by LimeSurvey
CVE-2018-10228

6.1 MEDIUM

Key Information:

Vendor: Limesurvey
CVE Published: 14 December 2021

What is CVE-2018-10228?

A cross-site scripting vulnerability exists in the LimeSurvey application, specifically within the admin theme controller. This flaw allows remote attackers to execute arbitrary web scripts or inject HTML content through the manipulation of the changes_cp parameter within the index.php/admin/themes/sa/templatesavechanges URI. This could potentially compromise the integrity of user sessions and lead to unauthorized actions within the application.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
