LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-20322
Reference:
CVE-2018-20322
Title:
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.