
TOPIC: Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 1 year 9 months ago #111060

Read an article released today regarding the new vulnerability for LimeSurvey

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5016

The latest version of LimeSurvey was released on July 3, and this article was released today, so I guess upgrading to the latest version doesn't help.

How can we fix the issue?

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 1 year 9 months ago #111062

  • c_schmitz
  • LimeSurvey Team
The article refers to LimeSurvey 2.05+ Build 140618. There have been two further releases since then where this issue is fixed.
Best regards

Carsten Schmitz
LimeSurvey project leader

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 1 year 9 months ago #111063

Just want to confirm that the latest version did fix the vulnerability mentioned in that article?

The reason I asked is that the latest version could fix some bugs that have nothing to do with that vulnerability, which was discovered and released yesterday, and the latest LimeSurvey was released two weeks before.

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 14 1 year 9 months ago #111064

  • c_schmitz
  • LimeSurvey Team
Responsible security researchers usually disclose any vulnerabilities to us before they release this publicly some time later. As said:

c_schmitz wrote:
There have been two further releases since then where this issue is fixed.

Best regards

Carsten Schmitz
LimeSurvey project leader