LimeSurvey 2.72.3 - Persistent XSS to Code Execution
10 Apr 2018
by Robin Peraglie
LimeSurvey is an open source and commercial web application that enables its users to quickly design and set up scalable surveys.
RIPS automatically detected two vulnerabilities in LimeSurvey < 2.72.3: an unauthenticated persistent cross-site scripting vulnerability (CVE-2017-18358) and an authenticated arbitrary file write vulnerability, and the two can be chained.