Filtered by vendor Limesurvey
Total: 63 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-07-03 | N/A | 7.2 HIGH |
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | |||||
CVE-2022-48010 | 1 Limesurvey | 1 Limesurvey | 2024-06-10 | N/A | 5.4 MEDIUM |
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish. | |||||
CVE-2023-44796 | 1 Limesurvey | 1 Limesurvey | 2024-01-10 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | |||||
CVE-2009-1604 | 1 Limesurvey | 1 Limesurvey | 2023-11-07 | 7.5 HIGH | N/A |
Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/. | |||||
CVE-2008-2571 | 1 Limesurvey | 1 Limesurvey | 2023-11-07 | 4.3 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action. | |||||
CVE-2008-2570 | 1 Limesurvey | 1 Limesurvey | 2023-11-07 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors. | |||||
CVE-2019-16172 | 1 Limesurvey | 1 Limesurvey | 2023-02-13 | 3.5 LOW | 5.4 MEDIUM |
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. | |||||
CVE-2019-16173 | 1 Limesurvey | 1 Limesurvey | 2023-02-13 | 3.5 LOW | 5.4 MEDIUM |
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, | |||||
CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2023-02-04 | N/A | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2020-11455 | 1 Limesurvey | 1 Limesurvey | 2022-07-30 | 7.5 HIGH | 9.8 CRITICAL |
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | |||||
CVE-2020-11456 | 1 Limesurvey | 1 Limesurvey | 2022-07-30 | 3.5 LOW | 5.4 MEDIUM |
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). | |||||
CVE-2022-29710 | 1 Limesurvey | 1 Limesurvey | 2022-06-13 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | |||||
CVE-2021-44967 | 1 Limesurvey | 1 Limesurvey | 2022-03-02 | 9.0 HIGH | 8.8 HIGH |
A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | |||||
CVE-2018-10228 | 1 Limesurvey | 1 Limesurvey | 2021-12-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. | |||||
CVE-2021-42112 | 1 Limesurvey | 1 Limesurvey | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | |||||
CVE-2019-16176 | 1 Limesurvey | 1 Limesurvey | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. | |||||
CVE-2019-16180 | 1 Limesurvey | 1 Limesurvey | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. | |||||
CVE-2020-22607 | 1 Limesurvey | 1 Limesurvey | 2021-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php. | |||||
CVE-2020-23710 | 1 Limesurvey | 1 Limesurvey | 2021-06-29 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. | |||||
CVE-2019-25019 | 1 Limesurvey | 1 Limesurvey | 2021-06-04 | 7.5 HIGH | 9.8 CRITICAL |
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. |