Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey vulnerabilities and exploits
(subscribe to this query)
355
VMScore
CVE-2019-16172
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.
Limesurvey Limesurvey
1 EDB exploit
355
VMScore
CVE-2019-16173
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
Limesurvey Limesurvey
1 EDB exploit
383
VMScore
CVE-2019-16175
A clickjacking vulnerability was found in Limesurvey prior to 3.17.14.
Limesurvey Limesurvey
445
VMScore
CVE-2019-16177
In Limesurvey prior to 3.17.14, the entire database is exposed through browser caching.
Limesurvey Limesurvey
445
VMScore
CVE-2019-16180
Limesurvey prior to 3.17.14 allows remote malicious users to bruteforce the login form and enumerate usernames when the LDAP authentication method is used.
Limesurvey Limesurvey
356
VMScore
CVE-2019-16183
In Limesurvey prior to 3.17.14, admin users can run an integrity check without proper permissions.
Limesurvey Limesurvey
356
VMScore
CVE-2018-16397
In LimeSurvey prior to 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
Limesurvey Limesurvey
828
VMScore
CVE-2008-2570
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) prior to 1.71 have unknown impact and attack vectors.
Limesurvey Limesurvey
790
VMScore
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey up to and including 3.16.1+190225 allows a relative path.
Limesurvey Limesurvey
1 Metasploit module
383
VMScore
CVE-2017-18358
LimeSurvey prior to 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.
Limesurvey Limesurvey
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »