Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2018-16397
In LimeSurvey prior to 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
Limesurvey Limesurvey
383
VMScore
CVE-2018-20322
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
Limesurvey Limesurvey
578
VMScore
CVE-2018-1000658
LimeSurvey version before 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious ph...
Limesurvey Limesurvey
578
VMScore
CVE-2018-1000659
LimeSurvey version 3.14.4 and previous versions contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exploitable via An auth...
Limesurvey Limesurvey
383
VMScore
CVE-2017-18358
LimeSurvey prior to 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.
Limesurvey Limesurvey
578
VMScore
CVE-2015-4628
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey prior to 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
Limesurvey Limesurvey
383
VMScore
CVE-2021-42112
The "File upload question" functionality in LimeSurvey 3.x-LTS up to and including 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
Limesurvey Limesurvey
383
VMScore
CVE-2019-17660
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/ind...
Limesurvey Limesurvey
355
VMScore
CVE-2019-16173
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
Limesurvey Limesurvey
1 EDB exploit
383
VMScore
CVE-2019-16175
A clickjacking vulnerability was found in Limesurvey prior to 3.17.14.
Limesurvey Limesurvey
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »