CVE-2011-5256

Limesurvey < 1.91\+ - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

References (2)

[Product] http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup

[Vendor Advisory] http://secunia.com/advisories/46831

Scores

EPSS 0.0026

EPSS Percentile 49.4%

Details

CWE

CWE-79

Status published

Products (16)

limesurvey/limesurvey < 1.91\+

limesurvey/limesurvey

... and 6 more

Published Feb 12, 2013

Tracked Since Feb 18, 2026