Permalink
9 comments
on commit
sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Fixed issue #15680: LimeSurvey 3.21.1 Cross Site Scripting Stored
- Loading branch information
lacrioque
committed
Dec 19, 2019
1 parent
6d15b90
commit 0a7bdfa
Showing
1 changed file
with
19 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi,
Since this issue is already resolved, could you please assign CVE for this vulnerability?
Thanks!
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And also, would it be possible to disclose this vulnerability to public? https://bugs.limesurvey.org/view.php?id=15680
Thanks!
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@olleharstedt How do we deal with such disclosures and CVE requests in general?
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As always there is never response from LimeSurvey team!
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please assign CVE to this vulnerability? Thanks.
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@c-schmitz please take action...
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @olleharstedt & @c-schmitz, I am trying to request a CVE number for the following vulnerabilities, which I reported them back in December, 2019.
https://bugs.limesurvey.org/view.php?id=15680
https://bugs.limesurvey.org/view.php?id=15681
https://bugs.limesurvey.org/view.php?id=15672
I am no longer able to browse on to the above links to view my reported vulnerabilities. Could you please let me access them through the bugs.limesurvey website. And also could you please mark these vulnerabilities as PUBLIC?
Regards,
Guram.
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done, see other thread.
0a7bdfaThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @olleharstedt