Filtered by vendor Limesurvey
Total: 68 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-44967 | 1 Limesurvey | 1 Limesurvey | 2024-08-04 | 8.8 High |
A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | ||||
CVE-2021-42112 | 1 Limesurvey | 1 Limesurvey | 2024-08-04 | 6.1 Medium |
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | ||||
CVE-2022-48010 | 1 Limesurvey | 1 Limesurvey | 2024-08-03 | 5.4 Medium |
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish. | ||||
CVE-2022-48008 | 1 Limesurvey | 1 Limesurvey | 2024-08-03 | 9.8 Critical |
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
CVE-2022-43279 | 1 Limesurvey | 1 Limesurvey | 2024-08-03 | 7.2 High |
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | ||||
CVE-2022-29710 | 1 Limesurvey | 1 Limesurvey | 2024-08-03 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | ||||
CVE-2023-44796 | 1 Limesurvey | 1 Limesurvey | 2024-08-02 | 5.4 Medium |
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | ||||
CVE-2024-39063 | 1 Limesurvey | 1 Limesurvey | 2024-08-02 | 8.8 High |
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests. |