LimeSurvey Security Advisory 2008/06/22
For the last couple months the LimeSurvey project has done a lot of self-imposed security audits on the LimeSurvey code base. (Thank you to the Ubuntu Server team for pointing out first issues and giving us a head start.)
During this process several security issues have been fixed in the source code which include:
- Issues where variable manipulation was possible when register_globals in PHP is activated
- Session Data injection & manipulation
- Permanent & non-permanent XSS-issues where an attacker could try to gain access by injecting own javacript code into the application
- Session related issues where a possible attacker could take over the session and/or gain higher access privileges
Most of these issue were already fixed for 1.71 stable. (Affected versions: 1.70+ (all builds) and older)
On top of that we fixed two moderate issues for the current 1.71 release which were
- Two XSS attacks for security flaws in the IE6 browser.
- Session Fixation attack
Thank you to security advisor Michal Tresner for reporting.
Exploits in the Wild: No known exploits yet. We strongly recommend to update as long it stays that way!
Solution: Update to the latest LimeSurvey 1.71+ Build 5147 or later version available from http://www.limesurvey.org
This security advisory refers to CVE-2008-2659 - LimeSurvey XSS candidate