Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-16184
A CSV injection vulnerability was found in Limesurvey prior to 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
Limesurvey Limesurvey
7.2
CVSSv3
CVE-2019-16186
In Limesurvey prior to 3.17.14, admin users can access the plugin manager without proper permissions.
Limesurvey Limesurvey
5.4
CVSSv3
CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote malicious user to escalate privileges via a crafted script to the _generaloptions_panel.php component.
Limesurvey Limesurvey
6.1
CVSSv3
CVE-2018-20322
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
Limesurvey Limesurvey
6.1
CVSSv3
CVE-2019-17660
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/ind...
Limesurvey Limesurvey
NA
CVE-2007-5573
PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the rootdir parameter.
Limesurvey Limesurvey
1 EDB exploit
NA
CVE-2008-2570
Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) prior to 1.71 have unknown impact and attack vectors.
Limesurvey Limesurvey
8.8
CVSSv3
CVE-2018-1000658
LimeSurvey version before 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious ph...
Limesurvey Limesurvey
9.8
CVSSv3
CVE-2019-9960
The downloadZip function in application/controllers/admin/export.php in LimeSurvey up to and including 3.16.1+190225 allows a relative path.
Limesurvey Limesurvey
1 Metasploit module
6.1
CVSSv3
CVE-2022-29710
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows malicious users to execute arbitrary web scripts or HTML via a crafted plugin.
Limesurvey Limesurvey
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »