Executive Summary

This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
NameCVE-2019-17660First vendor Publication2019-10-16
VendorCveLast vendor Modification2019-10-16

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreNot DefinedAttack RangeNot Defined
Cvss Impact ScoreNot DefinedAttack ComplexityNot Defined
Cvss Expoit ScoreNot DefinedAuthenticationNot Defined
Calculate full CVSS 2.0 Vectors scores


A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17660

Sources (Detail)

MISC https://github.com/kbgsft/vuln-limesurvey/wiki/Reflected-XSS-in-LimeSurvey-3....

Alert History

If you want to see full details history, please login or register.
2019-10-16 21:20:37
  • First insertion