LimeSurvey < 3.17.14 Multiple Vulnerabilities

Technical Details

Severity Level:

High Severity

CVSS Score:

7.5

CVSS Base Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Summary:
LimeSurvey is prone to multiple vulnerabilities.

Technical Details:
The following vulnerabilities exist: - Stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. (CVE-2019-16172) - Reflected XSS for escalating privileges. This occurs in application/core/Survey_Common_Action.php. (CVE-2019-16173) - Stored XSS that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page. (CVE-2019-16178) - Reflected XSS that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. (CVE-2019-16182) - Admin users can mark other users' notifications as read. (CVE-2019-16181) - Admin users can run an integrity check without proper permissions. (CVE-2019-16183) - Admin users can view, update, or delete reserved menu entries without proper permissions. (CVE-2019-16185) - Admin users can access the plugin manager without proper permissions. (CVE-2019-16186) - An XML injection vulnerability that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. (CVE-2019-16174) - A path disclosure vulnerability that allows a remote attacker to discover the path to the application in the filesystem. (CVE-2019-16176) - A clickjacking vulnerability related to X-Frame-Options SAMEORIGIN not being set by default. (CVE-2019-16175) - The database backup uses browser cache, which exposes it entirely. (CVE-2019-16177) - The default configuration does not enforce SSL/TLS usage. (CVE-2019-16179) - A vulnerability that allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. (CVE-2019-16180) - A CSV injection vulnerability that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. (CVE-2019-16184) - A vulnerability related to the use of an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. (CVE-2019-16187)

Detection Method:
Checks if a vulnerable version is present on the target host.

Affected Versions:
LimeSurvey before version 3.17.14.

Recommendations:
Update to version 3.17.14 or later.

Family:

Web application abuses

Creation Time:

2019-09-16 12:58:36

Modification Time:

2019-09-18 10:56:49

Find and Fix this Vulnerability:

Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition

NVD CVE ID:
CVE-2019-16172
CVE-2019-16173
CVE-2019-16178
CVE-2019-16182
CVE-2019-16174
CVE-2019-16176
CVE-2019-16175
CVE-2019-16177
CVE-2019-16179
CVE-2019-16180
CVE-2019-16184
CVE-2019-16187
CVE-2019-16181
CVE-2019-16183
CVE-2019-16185
CVE-2019-16186

Don't pay for a vulnerability scanning and management platform. This one is free.

Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage your vulnerabilities.