Vulnerabilities > Limesurvey

DATE CVE VULNERABILITY TITLE RISK
2024-10-07 CVE-2024-28709 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
network
low complexity
limesurvey CWE-79
6.1
2024-10-07 CVE-2024-28710 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
network
low complexity
limesurvey CWE-79
6.1
2024-09-03 CVE-2024-42903 Injection vulnerability in Limesurvey
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
network
low complexity
limesurvey CWE-74
6.5
2023-11-18 CVE-2023-44796 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
network
low complexity
limesurvey CWE-79
5.4
2023-01-27 CVE-2022-48008 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.4.15
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
limesurvey CWE-434
critical
9.8
2023-01-27 CVE-2022-48010 Cross-site Scripting vulnerability in Limesurvey 5.4.15
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts.
network
low complexity
limesurvey CWE-79
5.4
2022-11-15 CVE-2022-43279 SQL Injection vulnerability in Limesurvey 5.4.4
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php.
network
low complexity
limesurvey CWE-89
7.2
2022-05-25 CVE-2022-29710 Cross-site Scripting vulnerability in Limesurvey
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
network
low complexity
limesurvey CWE-79
6.1
2022-02-24 CVE-2021-44967 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.2.4
A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
network
low complexity
limesurvey CWE-434
8.8
2021-12-14 CVE-2018-10228 Cross-site Scripting vulnerability in Limesurvey 3.6.2
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
network
low complexity
limesurvey CWE-79
6.1