Vulnerabilities > Limesurvey > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-10-07 CVE-2024-28709 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
network
low complexity
limesurvey CWE-79
6.1
2024-10-07 CVE-2024-28710 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
network
low complexity
limesurvey CWE-79
6.1
2024-09-03 CVE-2024-42903 Injection vulnerability in Limesurvey
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
network
low complexity
limesurvey CWE-74
6.5
2023-11-18 CVE-2023-44796 Cross-site Scripting vulnerability in Limesurvey
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
network
low complexity
limesurvey CWE-79
5.4
2023-01-27 CVE-2022-48010 Cross-site Scripting vulnerability in Limesurvey 5.4.15
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts.
network
low complexity
limesurvey CWE-79
5.4
2022-05-25 CVE-2022-29710 Cross-site Scripting vulnerability in Limesurvey
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
network
limesurvey CWE-79
4.3
2021-12-14 CVE-2018-10228 Cross-site Scripting vulnerability in Limesurvey 3.6.2
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
network
limesurvey CWE-79
4.3
2021-10-08 CVE-2021-42112 Cross-site Scripting vulnerability in Limesurvey
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
network
limesurvey CWE-79
4.3
2021-06-28 CVE-2020-22607 Cross-site Scripting vulnerability in Limesurvey 4.1.11+200316
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
network
limesurvey CWE-79
4.3
2020-08-05 CVE-2020-16192 Cross-site Scripting vulnerability in Limesurvey 4.3.2
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
network
limesurvey CWE-79
4.3