Limesurvey · Limesurvey · CVE-2019-16173
**Name of the Vulnerable Software and Affected Versions**
LimeSurvey versions prior to 3.17.14
**Description**
The issue allows reflected XSS, which enables escalation of privileges from a low-privileged account to a higher-privileged one, such as SuperAdmin. It occurs in the `application/core/Survey_Common_Action.php` file.
**Recommendations**
For versions prior to 3.17.14, update to version 3.17.14 or later to resolve the issue.