Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14

2 years 6 months ago #111060 by jackmcmaster
Read an article released today regarding the new vulnerability for LimeSurvey

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5016

The latest version of LimeSurvey was released on July 3, and this article was released today, so I guess upgrading to the latest version doesn't help.

How can we fix the issue?

2 years 6 months ago #111062 by c_schmitz
The article refers to LimeSurvey 2.05+ Build 140618. There have been two further releases since then where this issue is fixed.

Best regards

Carsten Schmitz
LimeSurvey project leader

2 years 6 months ago #111063 by jackmcmaster
Just want to confirm that the latest version did fix the vulnerability mentioned in that article?

The reason I asked is that the latest version could fix some bugs that have nothing to do with that vulnerability, which was discovered and released yesterday, and the latest LimeSurvey was released two weeks before.

2 years 6 months ago #111064 by c_schmitz
Responsible security researchers usually disclose any vulnerabilities to us before they release them publicly some time later. As said:

c_schmitz wrote: There have been two further releases since then where this issue is fixed.


Best regards

Carsten Schmitz
LimeSurvey project leader
The following user(s) said Thank You: jackmcmaster
