CVE-2011-5256 Information

Description

Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116 when viewing survey results allows remote attackers to inject arbitrary web script or HTML via unknown parameters.

Reference

http://limesurvey.svn.sourceforge.net/viewvc/limesurvey/source/limesurvey/docs/release_notes.txt?view=markup http://secunia.com/advisories/46831