Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed issue #15672: LimeSurvey 3.21.1 Cross Site Scripting
  • Loading branch information
lacrioque committed Dec 19, 2019
1 parent 0a7bdfa commit 38e1ab0
Showing 1 changed file with 5 additions and 1 deletion.
Expand Up @@ -59,7 +59,11 @@
foreach($model->getAttributesValues($model->attribute_id) as $attribute_value){
echo "<div class='control-group'>";
echo "<div class='dropDownContainer col-xs-8 col-offset-xs-2'>";
echo "<input class='form-control' name='ParticipantAttributeNamesDropdown[]' value='".$attribute_value['value']."' />";
echo TbHtml::textField('ParticipantAttributeNamesDropdown[]', $attribute_value['value'], [
'class' => 'form-control',
'id' => ''
]);
// echo "<input class='form-control' name='ParticipantAttributeNamesDropdown[]' value='".$attribute_value['value']."' />";
echo "</div>";
echo '<div class="col-xs-1">
<button class="btn btn-default form-group action_delDropdownField">
Expand Down

6 comments on commit 38e1ab0

@guramj
Copy link

@guramj guramj commented on 38e1ab0 Mar 1, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,
Since this issue is already resolved, could you please assign CVE for this vulnerability? Also, would it be possible to disclose this vulnerability to public? https://bugs.limesurvey.org/view.php?id=15672

Thanks!

@guramj
Copy link

@guramj guramj commented on 38e1ab0 Mar 21, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please assign CVE to this vulnerability? Thanks.

@maziminke
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@olleharstedt One for you...

@olleharstedt
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't do CVE. But anyone can file it, I believe? Otherwise, bring it up during IRC meeting about our policy.

@guramj
Copy link

@guramj guramj commented on 38e1ab0 May 3, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @olleharstedt, I am trying to request a CVE numbers for the following vulnerabilities, which I reported them back in December, 2019.
https://bugs.limesurvey.org/view.php?id=15680
https://bugs.limesurvey.org/view.php?id=15681
https://bugs.limesurvey.org/view.php?id=15672

I am no longer able to browse on to the above links to view my reported vulnerabilities. Could you please let me access them through the bugs.limesurvey website. And also could you please mark these vulnerabilities as PUBLIC?

Regards,
Guram.

@olleharstedt
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@guramj I've marked the issues as public.

Please sign in to comment.