Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey limesurvey vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2019-16185
In Limesurvey prior to 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.
Limesurvey Limesurvey
4.3
CVSSv2
CVE-2019-17660
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/ind...
Limesurvey Limesurvey
6.5
CVSSv2
CVE-2015-4628
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey prior to 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
Limesurvey Limesurvey
9.3
CVSSv2
CVE-2008-2570
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) prior to 1.71 have unknown impact and attack vectors.
Limesurvey Limesurvey
4.3
CVSSv2
CVE-2017-18358
LimeSurvey prior to 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.
Limesurvey Limesurvey
5
CVSSv2
CVE-2019-15640
Limesurvey prior to 3.17.10 does not validate both the MIME type and file extension of an image.
Limesurvey Limesurvey
6.8
CVSSv2
CVE-2007-5573
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the rootdir parameter.
Limesurvey Limesurvey
1 EDB exploit
4
CVSSv2
CVE-2018-16397
In LimeSurvey prior to 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
Limesurvey Limesurvey
NA
CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote malicious user to escalate privileges via a crafted script to the _generaloptions_panel.php component.
Limesurvey Limesurvey
4.3
CVSSv2
CVE-2022-29710
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted plugin.
Limesurvey Limesurvey
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »