Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey limesurvey vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2021-44967
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Limesurvey Limesurvey 5.2.4
445
VMScore
CVE-2011-3752
LimeSurvey 1.90+ build9642-20101214 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
Limesurvey Limesurvey 1.90\\+
578
VMScore
CVE-2015-5078
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
Limesurvey Limesurvey 2.06\\+
383
VMScore
CVE-2014-5016
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote malicious users to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2...
Limesurvey Limesurvey 2.05\\+
383
VMScore
CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote malicious users to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
Limesurvey Limesurvey 3.6.2
NA
CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows malicious users to execute arbitrary code via a crafted PHP file.
Limesurvey Limesurvey 5.4.15
605
VMScore
CVE-2018-1000053
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HT...
Limesurvey Limesurvey 3.0.0
312
VMScore
CVE-2020-23710
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
Limesurvey Limesurvey 4.2.5
383
VMScore
CVE-2020-16192
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
Limesurvey Limesurvey 4.3.2
312
VMScore
CVE-2020-25799
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
Limesurvey Limesurvey 3.21.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »