TOPIC: Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 3 months 1 day ago #111060

Read an article released today regarding the new vulnerability in LimeSurvey:

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5016

The latest version of LimeSurvey was released on July 3, and this article was released today, so I guess upgrading to the latest version doesn't help.

How can we fix the issue?

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 3 months 1 day ago #111062

  • c_schmitz
  • LimeSurvey Team
The article refers to LimeSurvey 2.05+ Build 140618. There have been two further releases since then where this issue is fixed.

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 3 months 1 day ago #111063

Just want to confirm that the latest version did fix the vulnerability mentioned in that article?

The reason I asked is that the latest version could fix some bugs that have nothing to do with that vulnerability, which was discovered and released yesterday, and the latest LimeSurvey was released two weeks before.

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 3 months 23 hours ago #111064

  • c_schmitz
  • LimeSurvey Team
Responsible security researchers usually disclose any vulnerabilities to us before they release this publicly some time later. As said:

c_schmitz wrote:
There have been two further releases since then where this issue is fixed.