Vulnerabilities > Limesurvey > Limesurvey > 3.15.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-18 | CVE-2023-44796 | Cross-site Scripting vulnerability in Limesurvey Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | 5.4 |
2022-05-25 | CVE-2022-29710 | Cross-site Scripting vulnerability in Limesurvey A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | 4.3 |
2021-10-08 | CVE-2021-42112 | Cross-site Scripting vulnerability in Limesurvey The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | 4.3 |
2021-02-14 | CVE-2019-25019 | SQL Injection vulnerability in Limesurvey LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. | 7.5 |
2020-04-01 | CVE-2020-11456 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). | 3.5 |
2020-04-01 | CVE-2020-11455 | Path Traversal vulnerability in Limesurvey LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | 7.5 |
2019-09-09 | CVE-2019-16180 | Information Exposure vulnerability in Limesurvey Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. | 5.0 |
2019-09-09 | CVE-2019-16176 | Information Exposure vulnerability in Limesurvey A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. | 5.0 |
2019-09-09 | CVE-2019-16173 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. | 5.4 |
2019-09-09 | CVE-2019-16172 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. | 5.4 |