Vulnerabilities > Limesurvey > Limesurvey > 3.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-09 | CVE-2019-16175 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Limesurvey A clickjacking vulnerability was found in Limesurvey before 3.17.14. | 4.3 |
2019-09-09 | CVE-2019-16174 | XXE vulnerability in Limesurvey An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity. | 6.8 |
2019-09-09 | CVE-2019-16173 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. | 5.4 |
2019-09-09 | CVE-2019-16172 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. | 5.4 |
2019-08-26 | CVE-2019-15640 | Improper Input Validation vulnerability in Limesurvey Limesurvey before 3.17.10 does not validate both the MIME type and file extension of an image. | 5.0 |
2019-03-24 | CVE-2019-9960 | Path Traversal vulnerability in Limesurvey The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | 7.5 |
2018-12-21 | CVE-2018-20322 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. | 4.3 |
2018-09-14 | CVE-2018-17057 | Deserialization of Untrusted Data vulnerability in multiple products An issue was discovered in TCPDF before 6.2.22. | 7.5 |
2018-09-06 | CVE-2018-1000659 | Path Traversal vulnerability in Limesurvey LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. | 6.5 |
2018-09-06 | CVE-2018-1000658 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. | 6.5 |