Vulnerabilities > Limesurvey

DATE CVE VULNERABILITY TITLE RISK
2022-11-15 CVE-2022-43279 SQL Injection vulnerability in Limesurvey 5.4.4
LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php.
network
low complexity
limesurvey CWE-89
7.2
2022-05-25 CVE-2022-29710 Cross-site Scripting vulnerability in Limesurvey
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
network
limesurvey CWE-79
4.3
2022-02-24 CVE-2021-44967 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.2.4
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
network
low complexity
limesurvey CWE-434
critical
9.0
2021-12-14 CVE-2018-10228 Cross-site Scripting vulnerability in Limesurvey 3.6.2
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
network
limesurvey CWE-79
4.3
2021-10-08 CVE-2021-42112 Cross-site Scripting vulnerability in Limesurvey
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
network
limesurvey CWE-79
4.3
2021-06-28 CVE-2020-22607 Cross-site Scripting vulnerability in Limesurvey 4.1.11+200316
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
network
limesurvey CWE-79
4.3
2021-06-28 CVE-2020-23710 Cross-site Scripting vulnerability in Limesurvey 4.2.5
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
network
limesurvey CWE-79
3.5
2021-02-14 CVE-2019-25019 SQL Injection vulnerability in Limesurvey
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
network
low complexity
limesurvey CWE-89
7.5
2020-12-31 CVE-2020-25799 Cross-site Scripting vulnerability in Limesurvey 3.21.1
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page.
network
limesurvey CWE-79
3.5
2020-12-31 CVE-2020-25797 Cross-site Scripting vulnerability in Limesurvey 3.21.1
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters).
network
limesurvey CWE-79
3.5