PT-2019-14567 · Limesurvey · Limesurvey

J. Greil

Published

2019-09-09

Updated

2020-08-24

CVE-2019-16187

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Limesurvey versions prior to 3.17.14

Description The issue allows attackers to access a cookie value via a client-side script because Limesurvey uses an anti-CSRF cookie without the HttpOnly flag.

Recommendations For versions prior to 3.17.14, update to version 3.17.14 or later to resolve the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-16187

Affected Products

Limesurvey

PT-2019-14567 · Limesurvey · Limesurvey

CVE-2019-16187

Weakness Enumeration

Related Identifiers

Affected Products

References · 4