Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2014-5018
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote malicious users to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume...
Limesurvey Limesurvey 2.05\\+
3.5
CVSSv2
CVE-2020-23710
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
Limesurvey Limesurvey 4.2.5
4.3
CVSSv2
CVE-2020-16192
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
Limesurvey Limesurvey 4.3.2
6.8
CVSSv2
CVE-2007-3632
Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote malicious users to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS...
Limesurvey Limesurvey 1.49 Rc2
1 EDB exploit
NA
CVE-2022-43279
LimeSurvey v5.4.4 exists to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php.
Limesurvey Limesurvey 5.4.4
3.5
CVSSv2
CVE-2020-25797
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
Limesurvey Limesurvey 3.21.1
3.5
CVSSv2
CVE-2020-25799
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
Limesurvey Limesurvey 3.21.1
5
CVSSv2
CVE-2011-3752
LimeSurvey 1.90+ build9642-20101214 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by admin/statistics.php and certain other files.
Limesurvey Limesurvey 1.90\\+
4.3
CVSSv2
CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote malicious users to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
Limesurvey Limesurvey 3.6.2
7.5
CVSSv2
CVE-2018-17057
An issue exists in TCPDF prior to 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
Tecnick Tcpdf
Limesurvey Limesurvey
1 EDB exploit
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »