 |
Not only … neither value are encoded … |
|
|
https://github.com/LimeSurvey/LimeSurvey/commit/4d1f9e0c0e3a9fea3309e2aae4665305b6c44d3e |
- Anonymous
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 14635 | Bug reports | Security | public | 2019-03-12 13:53 | 2019-04-02 16:40 |
| Reporter | Assigned To | DenisChenu | |||
| Priority | none | Severity | minor | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 3.16.x | ||||
| Fixed in Version | 3.17.x | ||||
| Summary | 14635: XSS Attack Vector - export_helper.php | ||||
| Description | SPSS export open to an attack via XSS via the 'noanswervalue' POST parameter. | ||||
| Tags | No tags attached. | ||||
| Bug heat | 252 | ||||
| Complete LimeSurvey version number (& build) | 3.16.0 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | |||||
| Database type & version | irrevelant | ||||
| Server OS (if known) | |||||
| Webserver software & version (if known) | |||||
| PHP Version | irrevelant | ||||
|
|
Not only … neither value are encoded … |
|
|
https://github.com/LimeSurvey/LimeSurvey/commit/4d1f9e0c0e3a9fea3309e2aae4665305b6c44d3e |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-03-12 13:53 |
|
New Issue | |
| 2019-03-22 16:00 | DenisChenu | View Status | public => private |
| 2019-03-22 19:06 | DenisChenu | Note Added: 51101 | |
| 2019-03-22 19:07 | DenisChenu | Assigned To | => DenisChenu |
| 2019-03-22 19:07 | DenisChenu | Status | new => assigned |
| 2019-03-25 08:39 | DenisChenu | Status | assigned => resolved |
| 2019-03-25 08:39 | DenisChenu | Resolution | open => fixed |
| 2019-03-25 08:39 | DenisChenu | Note Added: 51115 | |
| 2019-03-25 08:39 | DenisChenu | View Status | private => public |
| 2019-03-25 08:41 | DenisChenu | Fixed in Version | => 3.16.x |
| 2019-04-02 16:40 | ollehar | Status | resolved => closed |
| 2019-04-02 16:40 | ollehar | Fixed in Version | 3.16.x => 3.17.x |
