Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5256

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2011-5256
Last Modified 13 Feb 2013 12:00:00
Published 12 Feb 2013 03:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-5256

Summary

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

Vulnerable Systems

Application

  • Limesurvey 1.01

  • Limesurvey 1.50

  • Limesurvey 1.52

  • Limesurvey 1.53%2b

  • Limesurvey 1.70%2b

  • Limesurvey 1.71%2b

  • Limesurvey 1.72

  • Limesurvey 1.80%2b

  • Limesurvey 1.81%2b

  • Limesurvey 1.82%2b

  • Limesurvey 1.85

  • Limesurvey 1.86

  • Limesurvey 1.87%2b

  • Limesurvey 1.90%2b

  • Limesurvey 1.91%2b


References

SECUNIA - 46831

CONFIRM - http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup


Last Updated: 27 May 2016 11:01:50