15411: CVE-2019-17660 : XSS in quick edit - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

252

ID	Project	Category	View Status	Date Submitted	Last Update

15411	Bug reports	Security	public	2019-10-17 09:12	2020-03-09 15:37

Reporter	DenisChenu	Assigned To	DenisChenu
Priority	immediate	Severity	minor
Status	closed	Resolution	fixed
Product Version	3.18.x
Fixed in Version	3.18.x

Summary	15411: CVE-2019-17660 : XSS in quick edit
Description	See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17660 and https://www.limesurvey.org/forum/team-only/119455-cve-2019-17660-limesurvey
Steps To Reproduce	See github
Additional Information	Seems permission:read are not checked to view this page.
Tags	No tags attached.

Bug heat	252
Complete LimeSurvey version number (& build)	3.19.1
I will donate to the project if issue is resolved	No
Browser	not relevant
Database type & version	not relevant
Server OS (if known)	not relevant
Webserver software & version (if known)	not relevant
PHP Version	not relevant

User List	There are no users monitoring this issue.

Date Modified	Username	Field	Change
2019-10-17 09:12	DenisChenu	New Issue
2019-10-17 09:12	DenisChenu	Assigned To	=> DenisChenu
2019-10-17 09:12	DenisChenu	Status	new => assigned
2019-10-17 09:13	DenisChenu	Priority	none => immediate
2019-10-17 11:30	DenisChenu	Status	assigned => resolved
2019-10-17 11:30	DenisChenu	Resolution	open => fixed
2019-10-17 11:30	DenisChenu	Fixed in Version	=> 3.18.x
2019-10-17 11:30	DenisChenu	Note Added: 54077
2020-03-09 15:37	c_schmitz	Status	resolved => closed

DenisChenu 2019-10-17 11:30 developer ~54077	https://github.com/LimeSurvey/LimeSurvey/commit/2c3b8f3a63a1bb9cc1087b8eeb25d4aed04f68b0