Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey limesurvey vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-29710
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted plugin.
Limesurvey Limesurvey
6.1
CVSSv3
CVE-2018-20322
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
Limesurvey Limesurvey
7.5
CVSSv3
CVE-2019-15640
Limesurvey prior to 3.17.10 does not validate both the MIME type and file extension of an image.
Limesurvey Limesurvey
9.8
CVSSv3
CVE-2019-16184
A CSV injection vulnerability was found in Limesurvey prior to 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
Limesurvey Limesurvey
7.5
CVSSv3
CVE-2019-16187
Limesurvey prior to 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows malicious users to access a cookie value via a client-side script.
Limesurvey Limesurvey
NA
CVE-2015-4628
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey prior to 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
Limesurvey Limesurvey
NA
CVE-2008-2570
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) prior to 1.71 have unknown impact and attack vectors.
Limesurvey Limesurvey
5.4
CVSSv3
CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote malicious user to escalate privileges via a crafted script to the _generaloptions_panel.php component.
Limesurvey Limesurvey
6.1
CVSSv3
CVE-2021-42112
The "File upload question" functionality in LimeSurvey 3.x-LTS up to and including 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
Limesurvey Limesurvey
NA
CVE-2007-5573
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the rootdir parameter.
Limesurvey Limesurvey
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »