Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14

3 years 1 month ago #111060 by jackmcmaster
Read an article released today regarding the new vulnerability for LimeSurvey:

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5016

The latest version of LimeSurvey was released on July 3, and this article was released today, so I guess upgrading to the latest version doesn't help.

How can we fix the issue?

3 years 1 month ago #111062 by c_schmitz
The article refers to LimeSurvey 2.05+ Build 140618. There have been two further releases since then where this issue is fixed.

Best regards

Carsten Schmitz
LimeSurvey project leader

3 years 1 month ago #111063 by jackmcmaster
Just want to confirm that the latest version did fix the vulnerability mentioned in that article?

The reason I asked is that the latest version could fix some bugs that have nothing to do with that vulnerability, which was discovered and released yesterday, and the latest LimeSurvey was released two weeks before.

3 years 1 month ago #111064 by c_schmitz
Responsible security researchers usually disclose any vulnerabilities to us before they release them publicly some time later. As said:

c_schmitz wrote: There have been two further releases since then where this issue is fixed.


Best regards

Carsten Schmitz
LimeSurvey project leader
The following user(s) said Thank You: jackmcmaster
