Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Limesurvey
(Limesurvey)| Repositories |
• https://github.com/LimeSurvey/LimeSurvey
• https://github.com/tecnickcom/TCPDF |
| #Vulnerabilities | 63 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-01-27 | CVE-2022-48010 | LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators... | Limesurvey | 5.4 | ||
| 2023-11-18 | CVE-2023-44796 | Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | Limesurvey | 5.4 | ||
| 2008-06-06 | CVE-2008-2571 | Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action. | Limesurvey | N/A | ||
| 2008-06-06 | CVE-2008-2570 | Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors. | Limesurvey | N/A | ||
| 2009-05-11 | CVE-2009-1604 | Unspecified vulnerability in LimeSurvey before 1.82 allows remote attackers to execute commands and obtain sensitive data via unknown attack vectors related to /admin/remotecontrol/. | Limesurvey | N/A | ||
| 2019-09-09 | CVE-2019-16172 | LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion. | Limesurvey | 5.4 | ||
| 2019-09-09 | CVE-2019-16173 | LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php, | Limesurvey | 5.4 | ||
| 2023-01-27 | CVE-2022-48008 | An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | Limesurvey | 9.8 | ||
| 2022-11-15 | CVE-2022-43279 | LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. | Limesurvey | 7.2 | ||
| 2020-04-01 | CVE-2020-11455 | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | Limesurvey | 9.8 |