Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joel_palmius | mod_survey | 3.0.6 |
| joel_palmius | mod_survey | 3.0.15_pre3 |
| joel_palmius | mod_survey | 3.0.13 |
| joel_palmius | mod_survey | 3.0.5 |
| joel_palmius | mod_survey | 3.0.14e |
| joel_palmius | mod_survey | 3.0.2 |
| joel_palmius | mod_survey | 3.0.3 |
| joel_palmius | mod_survey | 3.0.9 |
| joel_palmius | mod_survey | 3.0.11 |
| joel_palmius | mod_survey | 3.0.15_pre4 |
| joel_palmius | mod_survey | 3.0.4 |
| joel_palmius | mod_survey | 3.0.10 |
| joel_palmius | mod_survey | 3.0.15_pre5 |
| joel_palmius | mod_survey | 3.0.16_pre1 |
| joel_palmius | mod_survey | 3.0.14 |
| joel_palmius | mod_survey | 3.2.0_pre1 |
| joel_palmius | mod_survey | 3.0.15 |
| joel_palmius | mod_survey | 3.0.14d |
| joel_palmius | mod_survey | 3.0.15_pre6 |
| joel_palmius | mod_survey | 3.0.0 |
| joel_palmius | mod_survey | 3.0.12 |
| joel_palmius | mod_survey | 3.0.15_pre1 |
| joel_palmius | mod_survey | 3.2.0_pre3 |
| joel_palmius | mod_survey | 3.0.1 |
| joel_palmius | mod_survey | 3.2.0_pre2 |
| joel_palmius | mod_survey | 3.0.15_pre2 |