Vulnerabilities > Limesurvey > Limesurvey > 5.4.4

DATE CVE VULNERABILITY TITLE RISK
2023-11-18 CVE-2023-44796 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
network
low complexity
limesurvey CWE-79
5.4
5.4
2022-11-15 CVE-2022-43279 SQL Injection vulnerability in Limesurvey 5.4.4
LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php.
network
low complexity
limesurvey CWE-89
7.2
7.2