LimeSurvey < 3.17.14 Multiple Vulnerabilities

Published: 2019-09-16 12:58:36
CVE Author: NIST National Vulnerability Database (NVD)

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

LimeSurvey is prone to multiple vulnerabilities.

Technical Details:
The following vulnerabilities exist:

- Stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. (CVE-2019-16172)
- Reflected XSS for escalating privileges. This occurs in application/core/Survey_Common_Action.php. (CVE-2019-16173)
- Stored XSS that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page. (CVE-2019-16178)
- Reflected XSS that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. (CVE-2019-16182)
- Admin users can mark other users' notifications as read. (CVE-2019-16181)
- Admin users can run an integrity check without proper permissions. (CVE-2019-16183)
- Admin users can view, update, or delete reserved menu entries without proper permissions. (CVE-2019-16185)
- Admin users can access the plugin manager without proper permissions. (CVE-2019-16186)
- An XML injection vulnerability that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. (CVE-2019-16174)
- A path disclosure vulnerability that allows a remote attacker to discover the path to the application in the filesystem. (CVE-2019-16176)
- A clickjacking vulnerability related to X-Frame-Options SAMEORIGIN not being set by default. (CVE-2019-16175)
- The database backup uses the browser cache, which exposes it entirely. (CVE-2019-16177)
- The default configuration does not enforce SSL/TLS usage. (CVE-2019-16179)
- A vulnerability that allows remote attackers to brute-force the login form and enumerate usernames when the LDAP authentication method is used. (CVE-2019-16180)
- A CSV injection vulnerability that allows survey participants to inject commands via their survey responses that will be included in the exported CSV file. (CVE-2019-16184)
- A vulnerability related to the use of an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access the cookie value via a client-side script. (CVE-2019-16187)
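The CSV injection item (CVE-2019-16184) is the one a defender can verify directly in an export routine. The following is an added example, not LimeSurvey's own code: it neutralizes cells that a spreadsheet would interpret as formulas before writing survey responses to CSV, and checks the result over constructed sample responses. The field names and sample rows are assumptions made for the illustration.

```python
import csv
import io

# Leading characters that make spreadsheet applications evaluate a cell
# as a formula when the CSV is opened (the usual CSV injection triggers).
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return the cell text with any formula trigger defused.

    A leading single quote makes spreadsheet applications treat the cell as
    literal text. Leading spaces are ignored when testing, so " =1" is caught
    too. Trade-off: legitimate values starting with "-" (negative numbers)
    are also turned into text, which is the accepted cost of this defense.
    """
    text = str(value)
    if text.lstrip(" ").startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_responses(rows, fieldnames):
    """Serialize survey responses to CSV text with every cell neutralized."""
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL, lineterminator="\n"
    )
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralize_cell(row.get(k, "")) for k in fieldnames})
    return buf.getvalue()


# Constructed sample responses (hypothetical survey data): one benign answer,
# one formula-like answer, and one legitimate value starting with "-".
SAMPLE_RESPONSES = [
    {"id": 1, "answer": "Satisfied with the service"},
    {"id": 2, "answer": "=SUM(1,2)"},
    {"id": 3, "answer": "-5 degrees"},
]

if __name__ == "__main__":
    print(export_responses(SAMPLE_RESPONSES, ["id", "answer"]))
```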

Detection Method:
Checks if a vulnerable version is present on the target host.

Affected Versions:
LimeSurvey before version 3.17.14.

Solution:
Update to version 3.17.14 or later.

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)
