Andreas Kolbeck

2 exploits Active since Sep 2019
CVE-2019-16172 EXPLOITDB MEDIUM WRITEUP
LimeSurvey < 3.17.14 - Stored Cross-Site Scripting via Survey Group Title
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.
CVSS 5.4
CVE-2019-16173 EXPLOITDB MEDIUM text WRITEUP
LimeSurvey < 3.17.14 - Reflected Cross-Site Scripting in Survey_Common_Action.php
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
CVSS 5.4