Vulnerabilities > Limesurvey

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2017-18358 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.
network
low complexity
limesurvey CWE-79
6.1
2018-12-21 CVE-2018-20322 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in JavaScript code execution against LimeSurvey administrators.
network
low complexity
limesurvey CWE-79
6.1
2018-09-21 CVE-2018-17003 Cross-site Scripting vulnerability in Limesurvey 3.14.7
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
network
low complexity
limesurvey CWE-79
6.1
2018-09-14 CVE-2018-17057 Deserialization of Untrusted Data vulnerability in multiple products
An issue was discovered in TCPDF before 6.2.22.
network
low complexity
tecnick limesurvey CWE-502
critical
9.8
2018-09-06 CVE-2018-1000659 Path Traversal vulnerability in Limesurvey
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in the file upload functionality that allows upload of a webshell, which can result in remote code execution as an authenticated user.
network
low complexity
limesurvey CWE-22
8.8
2018-09-06 CVE-2018-1000658 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey
LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell.
network
low complexity
limesurvey CWE-434
8.8
2018-09-03 CVE-2018-16397 Unrestricted Upload of File with Dangerous Type vulnerability in Limesurvey
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
network
low complexity
limesurvey CWE-434
4.9
2018-06-26 CVE-2018-1000514 Cross-Site Request Forgery (CSRF) vulnerability in Limesurvey 3.0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Request Forgery (CSRF) vulnerability in Boxes that can result in admins being made to delete boxes via CSRF.
network
low complexity
limesurvey CWE-352
4.3
2018-06-26 CVE-2018-1000513 Cross-site Scripting vulnerability in Limesurvey 3.0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins.
network
low complexity
limesurvey CWE-79
4.8
2018-02-28 CVE-2018-7556 Information Exposure vulnerability in multiple products
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
network
low complexity
limesurvey debian CWE-200
critical
9.1