Vulnerabilities > Limesurvey > Limesurvey > 3.25.20
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-18 | CVE-2023-44796 | Cross-site Scripting vulnerability in Limesurvey Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | 5.4 |
2022-05-25 | CVE-2022-29710 | Cross-site Scripting vulnerability in Limesurvey A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | 4.3 |
2020-04-01 | CVE-2020-11456 | Cross-site Scripting vulnerability in Limesurvey LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). | 3.5 |
2020-04-01 | CVE-2020-11455 | Path Traversal vulnerability in Limesurvey LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | 7.5 |