Filter by tag: file write

LimeSurvey 2.72.3 - Persistent XSS to Code Execution

5 min read 10 Apr 2018 by Robin Peraglie
LimeSurvey is an open source and commercial web application that enables its users to quickly design and setup scalable surveys. RIPS automatically detected two vulnerabilities in LimeSurvey < 2.72.3: An unauthenticated persistent cross-site scripting vulnerability (CVE-2017-18358) and an authenticated arbitrary file write vulnerability which can be chained.