Vulnerabilities > Limesurvey > Limesurvey > 2.51.3

DATE CVE VULNERABILITY TITLE RISK
2024-10-07 CVE-2024-28709 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
network
low complexity
limesurvey CWE-79
6.1
6.1
2024-10-07 CVE-2024-28710 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
network
low complexity
limesurvey CWE-79
6.1
6.1
2024-09-03 CVE-2024-42903 Injection vulnerability in Limesurvey
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
network
low complexity
limesurvey CWE-74
6.5
6.5
2023-11-18 CVE-2023-44796 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
network
low complexity
limesurvey CWE-79
5.4
5.4
2022-05-25 CVE-2022-29710 Cross-site Scripting vulnerability in Limesurvey
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
network
low complexity
limesurvey CWE-79
6.1
6.1
2021-02-14 CVE-2019-25019 SQL Injection vulnerability in Limesurvey
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
network
low complexity
limesurvey CWE-89
critical
 9.8
9.8
2020-11-17 CVE-2020-25798 Cross-site Scripting vulnerability in Limesurvey
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page.
network
low complexity
limesurvey CWE-79
5.4
5.4
2020-04-01 CVE-2020-11456 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
network
low complexity
limesurvey CWE-79
5.4
5.4
2020-04-01 CVE-2020-11455 Path Traversal vulnerability in Limesurvey
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
network
low complexity
limesurvey CWE-22
critical
 9.8
9.8
2019-10-16 CVE-2019-17660 Cross-site Scripting vulnerability in Limesurvey
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
network
low complexity
limesurvey CWE-79
6.1
6.1