Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-24506
Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote malicious users to execute arbitrary code via the Administrator email address parameter in the General Setting function.
NA
CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote malicious user to escalate privileges via a crafted script to the _generaloptions_panel.php component.
Limesurvey Limesurvey
NA
CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows malicious users to execute arbitrary code via a crafted PHP file.
Limesurvey Limesurvey 5.4.15
NA
CVE-2022-48010
LimeSurvey v5.4.15 exists to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted paylo...
Limesurvey Limesurvey 5.4.15
NA
CVE-2022-43279
LimeSurvey v5.4.4 exists to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php.
Limesurvey Limesurvey 5.4.4
4.3
CVSSv2
CVE-2022-29710
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted plugin.
Limesurvey Limesurvey
9
CVSSv2
CVE-2021-44967
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Limesurvey Limesurvey 5.2.4
4.3
CVSSv2
CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote malicious users to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
Limesurvey Limesurvey 3.6.2
4.3
CVSSv2
CVE-2021-42112
The "File upload question" functionality in LimeSurvey 3.x-LTS up to and including 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
Limesurvey Limesurvey
4.3
CVSSv2
CVE-2020-22607
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
Limesurvey Limesurvey 4.1.11\\+200316
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »