Description

An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.

Remediation

References

CVE-2019-16174

Related Vulnerabilities

WordPress Plugin WP Legal Pages Cross-Site Scripting (1.0.1)

WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.49)

Mustache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8862)

WordPress Plugin Greenshift-animation and page builder blocks Cross-Site Scripting (4.8.8)

PHP Use After Free Vulnerability (CVE-2019-9020)

Severity

High

Classification

CVE-2019-16174 CWE-611 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities