12234: XSS in browse response - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

262

ID	Project	Category	View Status	Date Submitted	Last Update

12234	Bug reports	Security	public	2017-03-28 15:10	2019-04-04 15:27

Reporter	DenisChenu	Assigned To	DenisChenu
Priority	none	Severity	minor
Status	closed	Resolution	fixed
Product Version	2.06+
Fixed in Version	2.06+

Summary	12234: XSS in browse response
Description	Filename :<img onerror=alert(1) src=a>.png : browse + public part are broken
Additional Information	https://bugs.limesurvey.org/view.php?id=12225
Tags	No tags attached.
Attached Files	Capture du 2017-03-28 15-13-37.png (43,036 bytes) Capture du 2017-03-28 15-13-37.png (43,036 bytes)

Bug heat	262
Complete LimeSurvey version number (& build)	2.6lts
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	not relevant
Server OS (if known)	not relevant
Webserver software & version (if known)	not relevant
PHP Version	not relevant

User List	There are no users monitoring this issue.

LimeSurvey: 2.06lts bfded0fb 2017-03-28 16:19:16 DenisChenu Details Diff	Fixed issue 12234: [security] XSS in browse response	Affected Issues 12234
	mod - application/controllers/admin/responses.php	Diff File
LimeSurvey: 2.06lts 5abf08ff 2017-03-28 16:27:37 DenisChenu Details Diff	Fixed issue 12234: [security] XSS in upload files	Affected Issues 12234
	mod - scripts/modaldialog.js	Diff File
	mod - scripts/uploader.js	Diff File

Date Modified	Username	Field	Change
2017-03-28 15:10	DenisChenu	New Issue
2017-03-28 15:10	DenisChenu	Status	new => assigned
2017-03-28 15:10	DenisChenu	Assigned To	=> DenisChenu
2017-03-28 15:12	DenisChenu	View Status	public => private
2017-03-28 15:14	DenisChenu	File Added: Capture du 2017-03-28 15-13-37.png
2017-03-28 16:28	DenisChenu	Changeset attached	=> LimeSurvey 2.06lts bfded0fb
2017-03-28 16:28	DenisChenu	Changeset attached	=> LimeSurvey 2.06lts 5abf08ff
2017-03-28 16:28	DenisChenu	Note Added: 43356
2017-03-28 16:28	DenisChenu	Resolution	open => fixed
2017-03-28 16:29	DenisChenu	Status	assigned => resolved
2017-03-28 16:29	DenisChenu	Fixed in Version	=> 2.06+
2017-06-12 17:18	c_schmitz	Status	resolved => closed
2019-04-04 15:17	DenisChenu	Relationship added	has duplicate 14737
2019-04-04 15:27	DenisChenu	View Status	private => public

DenisChenu 2017-03-28 16:28 developer ~43356	Fix committed to 2.06lts branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=22514