CVE-2011-5256
low
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
2.6
Description
Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| limesurvey | limesurvey | {"endIncluding":"1.91\\+"} | |
| limesurvey | limesurvey | 1.01 | |
| limesurvey | limesurvey | 1.50 | |
| limesurvey | limesurvey | 1.52 | |
| limesurvey | limesurvey | 1.53\+ | |
| limesurvey | limesurvey | 1.70\+ | |
| limesurvey | limesurvey | 1.71\+ | |
| limesurvey | limesurvey | 1.72 | |
| limesurvey | limesurvey | 1.80\+ | |
| limesurvey | limesurvey | 1.81\+ | |
| limesurvey | limesurvey | 1.82\+ | |
| limesurvey | limesurvey | 1.85 | |
| limesurvey | limesurvey | 1.86 | |
| limesurvey | limesurvey | 1.87\+ | |
| limesurvey | limesurvey | 1.90\+ | |
References
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.