View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
14635 | Bug reports | Security | public | 2019-03-12 13:53 | 2019-04-02 16:40 |
Reporter | Assigned To | DenisChenu | |||
Priority | none | Severity | minor | ||
Status | closed | Resolution | fixed | ||
Product Version | 3.16.x | ||||
Fixed in Version | 3.17.x | ||||
Summary | 14635: XSS Attack Vector - export_helper.php | ||||
Description | SPSS export open to an attack via XSS via the 'noanswervalue' POST parameter. | ||||
Tags | No tags attached. | ||||
Bug heat | 252 | ||||
Complete LimeSurvey version number (& build) | 3.16.0 | ||||
I will donate to the project if issue is resolved | No | ||||
Browser | |||||
Database type & version | irrevelant | ||||
Server OS (if known) | |||||
Webserver software & version (if known) | |||||
PHP Version | irrevelant | ||||
Not only … neither value are encoded … |
|
https://github.com/LimeSurvey/LimeSurvey/commit/4d1f9e0c0e3a9fea3309e2aae4665305b6c44d3e |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2019-03-12 13:53 |
|
New Issue | |
2019-03-22 16:00 | DenisChenu | View Status | public => private |
2019-03-22 19:06 | DenisChenu | Note Added: 51101 | |
2019-03-22 19:07 | DenisChenu | Assigned To | => DenisChenu |
2019-03-22 19:07 | DenisChenu | Status | new => assigned |
2019-03-25 08:39 | DenisChenu | Status | assigned => resolved |
2019-03-25 08:39 | DenisChenu | Resolution | open => fixed |
2019-03-25 08:39 | DenisChenu | Note Added: 51115 | |
2019-03-25 08:39 | DenisChenu | View Status | private => public |
2019-03-25 08:41 | DenisChenu | Fixed in Version | => 3.16.x |
2019-04-02 16:40 | ollehar | Status | resolved => closed |
2019-04-02 16:40 | ollehar | Fixed in Version | 3.16.x => 3.17.x |