CVE-2019-14512

Name of the Vulnerable Software and Affected Versions: LimeSurvey version 3.17.7+190627

Description: The issue is related to a Cross-Site Scripting (XSS) problem. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, which can then be executed by users' browsers. This can lead to unauthorized actions being taken on behalf of the user. The XSS vulnerability in this case is found in two locations: in the Boxes feature within the box.php file of the PanelBoxWidget extension, and in a label title within the labelview view.php file.

Recommendations: For LimeSurvey version 3.17.7+190627, consider disabling the Boxes feature in the PanelBoxWidget extension and restricting the ability to edit label titles in the labelview view.php file until a patch is available. Avoid using the label title field in the affected labelview view.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.