View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 16401 | Bug reports | Security | public | 2020-06-18 18:18 | 2020-12-30 19:27 |
| Reporter | DenisChenu | Assigned To | DenisChenu | ||
| Priority | none | Severity | minor | ||
| Status | closed | Resolution | fixed | ||
| Product Version | 4.3.0 | ||||
| Fixed in Version | 4.3.2 | ||||
| Summary | 16401: Multiple self-stored XSS in printanswers | ||||
| Description | A lot of other and comments are not encoded when throw to user | ||||
| Steps To Reproduce | Import included survey | ||||
| Additional Information | … … Concept issue : when updating whole printanswers : nothing was done against XSS. If we have a test for this : the test was disabled since it was totally different pages | ||||
| Tags | No tags attached. | ||||
| Bug heat | 254 | ||||
| Complete LimeSurvey version number (& build) | 4.3.0 | ||||
| I will donate to the project if issue is resolved | No | ||||
| Browser | not relevant | ||||
| Database type & version | not relevant | ||||
| Server OS (if known) | not relevant | ||||
| Webserver software & version (if known) | not relevant | ||||
| PHP Version | not relevant | ||||
|
LimeSurvey: master c2e0ba14 2020-06-18 20:34 Details Diff |
Fixed issue [security] 16396: Multiple self-stored XSS in printanswer Dev: Add answercode for testing if other (-oth-) Dev: fix other : single choice and multiple choice Dev: div fix comments on multiple with comments Dev: list with comment not fixed (comment are not shown …) Dev: cherry-picked, no way to control # Conflicts: # application/models/SurveyDynamic.php |
Affected Issues 16401 |
|
| mod - application/models/SurveyDynamic.php | Diff File | ||
| mod - themes/survey/vanilla/views/subviews/printanswers/question_types/template_list-dropdown.twig | Diff File | ||
| mod - themes/survey/vanilla/views/subviews/printanswers/question_types/template_list-radio.twig | Diff File | ||
| mod - themes/survey/vanilla/views/subviews/printanswers/question_types/template_multiple-opt-comments.twig | Diff File | ||
| mod - themes/survey/vanilla/views/subviews/printanswers/question_types/template_multiple-opt.twig | Diff File | ||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2020-06-18 18:18 | DenisChenu | New Issue | |
| 2020-06-18 18:18 | DenisChenu | Status | new => assigned |
| 2020-06-18 18:18 | DenisChenu | Assigned To | => DenisChenu |
| 2020-06-18 18:18 | DenisChenu | Issue generated from: 16396 | |
| 2020-06-18 18:19 | DenisChenu | Assigned To | DenisChenu => |
| 2020-06-18 18:19 | DenisChenu | Status | assigned => feedback |
| 2020-06-18 18:19 | DenisChenu | Complete LimeSurvey version number (& build) | 3.22.20 => 4.3.0 |
| 2020-06-18 18:20 | DenisChenu | Relationship added | child of 15907 |
| 2020-06-18 18:20 | DenisChenu | Note Added: 58340 | |
| 2020-06-18 18:20 | DenisChenu | Status | feedback => new |
| 2020-06-18 18:22 | DenisChenu | Note Added: 58342 | |
| 2020-06-18 18:22 | DenisChenu | File Added: survey_archive_XSSprintanswers.lsa | |
| 2020-06-18 18:22 | DenisChenu | Status | new => feedback |
| 2020-06-18 18:35 | DenisChenu | Changeset attached | => LimeSurvey master c2e0ba14 |
| 2020-07-02 08:52 | DenisChenu | Relationship deleted | child of 15907 |
| 2020-07-02 08:53 | DenisChenu | Assigned To | => DenisChenu |
| 2020-07-02 08:53 | DenisChenu | Status | feedback => assigned |
| 2020-07-02 08:56 | DenisChenu | Note Added: 58630 | |
| 2020-07-02 08:56 | DenisChenu | File Added: Capture d’écran du 2020-07-02 08-56-22.png | |
| 2020-07-02 08:56 | DenisChenu | Status | assigned => resolved |
| 2020-07-02 08:56 | DenisChenu | Resolution | open => fixed |
| 2020-07-02 08:56 | DenisChenu | Fixed in Version | => 4.3.2 |
| 2020-12-30 19:27 | cdorin | Note Added: 61349 | |
| 2020-12-30 19:27 | cdorin | Status | resolved => closed |
