Note:
This project will be discontinued after December 13, 2021.
Product: Limesurvey (Limesurvey)
Repositories:
• https://github.com/LimeSurvey/LimeSurvey
• https://github.com/tecnickcom/TCPDF
#Vulnerabilities: 63
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-04-01 | CVE-2020-11456 | LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). | Limesurvey | 5.4 | ||
2022-05-25 | CVE-2022-29710 | A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | Limesurvey | 6.1 | ||
2022-02-24 | CVE-2021-44967 | A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. | Limesurvey | 8.8 | ||
2021-12-14 | CVE-2018-10228 | Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. | Limesurvey | 6.1 | ||
2021-10-08 | CVE-2021-42112 | The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | Limesurvey | 6.1 | ||
2019-09-09 | CVE-2019-16176 | A path disclosure vulnerability was found in Limesurvey before 3.17.14 that allows a remote attacker to discover the path to the application in the filesystem. | Limesurvey | 5.3 | ||
2019-09-09 | CVE-2019-16180 | Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used. | Limesurvey | 5.3 | ||
2021-06-28 | CVE-2020-22607 | Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php. | Limesurvey | 6.1 | ||
2021-06-28 | CVE-2020-23710 | Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature. | Limesurvey | 5.4 | ||
2021-02-14 | CVE-2019-25019 | LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. | Limesurvey | 9.8 | ||