CVE-2017-18358

Опубликовано: 15 янв. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.

Ссылки

https://blog.ripstech.com/2018/limesurvey-persistent-xss-to-code-execution/
Exploit
Third Party Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/700b20e2ae918550bfbf283f433f07622480978b
Patch
Third Party Advisory
https://blog.ripstech.com/2018/limesurvey-persistent-xss-to-code-execution/
Exploit
Third Party Advisory
https://github.com/LimeSurvey/LimeSurvey/commit/700b20e2ae918550bfbf283f433f07622480978b
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*

Версия до 2.72.4 (исключая)

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-18358

CVSS3: 6.1

debian

около 7 лет назад

LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (a ...

GHSA-4pqh-v35r-m9w2

CVSS3: 6.1

github

больше 3 лет назад

LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.

EPSS

Процентиль: 55%

0.00328

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79