Vulnerabilities > Limesurvey > Limesurvey > 2.72.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-09 | CVE-2019-16174 | XXE vulnerability in Limesurvey An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | 6.8 |
| 2019-09-09 | CVE-2019-16173 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. | 5.4 |
| 2019-09-09 | CVE-2019-16172 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. | 5.4 |
| 2019-08-26 | CVE-2019-15640 | Improper Input Validation vulnerability in Limesurvey Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. | 5.0 |
| 2019-03-24 | CVE-2019-9960 | Path Traversal vulnerability in Limesurvey The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | 7.5 |
| 2019-01-15 | CVE-2017-18358 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel. | 4.3 |
| 2018-12-21 | CVE-2018-20322 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. | 4.3 |
| 2018-09-14 | CVE-2018-17057 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in TCPDF before 6.2.22. | 7.5 |
| 2018-09-06 | CVE-2018-1000659 | Path Traversal vulnerability in Limesurvey LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. | 6.5 |
| 2018-09-06 | CVE-2018-1000658 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. | 6.5 |