Month: April 2018

PHP Code Quality Testing with RIPS 2.9.0

Code Quality vs. Exploitable Vulnerabilities

The various tools available have many different perceptions of what a “vulnerability” is. What we at RIPS Technologies rank as a minor code quality issue is often reported as a high-severity vulnerability by other vendors. The reasons for this are the different perspectives, the analysis capabilities, and the way bug categories are equated internally. A tool that focuses solely on detecting code quality issues by using fingerprints will classify any security-related finding as critical, although from a security expert’s perspective the finding may be of informational value at most.

LimeSurvey 2.72.3 – Persistent XSS to Code Execution

Unauthenticated Persistent Cross-Site Scripting

LimeSurvey 2.72.3 is prone to a persistent cross-site scripting vulnerability that is exploitable from an unauthenticated perspective. When submitting a public survey, the Continue Later feature allows users to save their partially completed survey response and reload it at a later time. To identify the returning user, the user provides an email address and a password when saving the response.