An issue in the jslocalize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the jslocalize.php function
{ "cpes": [ "cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*" ], "severity": "High" }