The LimeSurvey Project Team

1 exploit Active since Dec 2021
CVE-2018-10228 WRITEUP MEDIUM WRITEUP
LimeSurvey 3.6.2+180406 - Stored Cross-Site Scripting via changes_cp Parameter
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
CVSS 6.1