Vulnerabilities > Limesurvey > Limesurvey > 5.4.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-18 | CVE-2023-44796 | Cross-site Scripting vulnerability in Limesurvey Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | 5.4 |
| 2023-01-27 | CVE-2022-48008 | Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey 5.4.15 An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | 9.8 |
| 2023-01-27 | CVE-2022-48010 | Cross-site Scripting vulnerability in Limesurvey 5.4.15 LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. | 5.4 |