Vulnerabilities > Limesurvey > Limesurvey > 3.0.0

DATE CVE VULNERABILITY TITLE RISK
2018-09-03 CVE-2018-16397 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
network
low complexity
limesurvey CWE-434
4.0
4.0
2018-06-26 CVE-2018-1000514 Cross-Site Request Forgery (CSRF) vulnerability in Limesurvey 3.0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. 		4.3
4.3
2018-06-26 CVE-2018-1000513 Cross-site Scripting vulnerability in Limesurvey 3.0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins.
network
limesurvey CWE-79
3.5
3.5
2018-02-28 CVE-2018-7556 Information Exposure vulnerability in multiple products
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
network
low complexity
limesurvey debian CWE-200
6.4
6.4
2018-02-09 CVE-2018-1000053 Cross-Site Request Forgery (CSRF) vulnerability in Limesurvey 3.0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. 		6.8
6.8