Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey limesurvey vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2015-5078
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
Limesurvey Limesurvey 2.06\\+
801
VMScore
CVE-2021-44967
A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file.
Limesurvey Limesurvey 5.2.4
383
VMScore
CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote malicious users to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
Limesurvey Limesurvey 3.6.2
312
VMScore
CVE-2018-1000513
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x.
Limesurvey Limesurvey 3.0.0
383
VMScore
CVE-2018-1000514
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x.
Limesurvey Limesurvey 3.0.0
383
VMScore
CVE-2018-17003
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
Limesurvey Limesurvey 3.14.7
NA
CVE-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows malicious users to execute arbitrary code via a crafted PHP file.
Limesurvey Limesurvey 5.4.15
NA
CVE-2022-48010
LimeSurvey v5.4.15 exists to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted paylo...
Limesurvey Limesurvey 5.4.15
383
VMScore
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote malicious users to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
Limesurvey Limesurvey 2.05\\+
383
VMScore
CVE-2020-22607
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
Limesurvey Limesurvey 4.1.11\\+200316
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »