Source: National Vulnerability Database

Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10228

118 hits since 2021-12-14

PHP Vulns Source Ratio: 14% (5320 total, 383 propagated, 2660 filtered)