Filtered by vendor Limesurvey Subscriptions
Total 70 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-2571 1 Limesurvey 1 Limesurvey 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.
CVE-2008-2570 1 Limesurvey 1 Limesurvey 2024-11-21 N/A
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors.
CVE-2007-5573 1 Limesurvey 1 Limesurvey 2024-11-21 N/A
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2007-3632 1 Limesurvey 1 Limesurvey 2024-11-21 N/A
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/.
CVE-2024-28709 1 Limesurvey 1 Limesurvey 2024-10-15 6.1 Medium
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
CVE-2024-28710 1 Limesurvey 1 Limesurvey 2024-10-15 6.1 Medium
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
CVE-2024-42903 1 Limesurvey 1 Limesurvey 2024-09-12 6.5 Medium
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
CVE-2024-42901 1 Limesurvey 1 Limesurvey 2024-09-03 4.8 Medium
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.
CVE-2024-42902 1 Limesurvey 1 Limesurvey 2024-09-03 8.8 High
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function
CVE-2024-7887 1 Limesurvey 1 Limesurvey 2024-08-19 2.7 Low
A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.