4.3

CVE-2019-16175

A clickjacking vulnerability was found in Limesurvey before 3.17.14.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LimesurveyLimesurvey Version < 3.17.14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.91% 0.553
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain.

https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
Vendor Advisory
Release Notes
https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R41
Patch
Third Party Advisory
Release Notes