Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
limesurvey vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2020-23710
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
Limesurvey Limesurvey 4.2.5
9.8
CVSSv3
CVE-2019-25019
LimeSurvey prior to 4.0.0-RC4 allows SQL injection via the participant model.
Limesurvey Limesurvey
Limesurvey Limesurvey 4.0.0
5.4
CVSSv3
CVE-2020-25797
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
Limesurvey Limesurvey 3.21.1
5.4
CVSSv3
CVE-2020-25799
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
Limesurvey Limesurvey 3.21.1
5.4
CVSSv3
CVE-2020-25798
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant data...
Limesurvey Limesurvey
6.1
CVSSv3
CVE-2020-16192
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
Limesurvey Limesurvey 4.3.2
9.8
CVSSv3
CVE-2020-11455
LimeSurvey prior to 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
Limesurvey Limesurvey 4.1.12
Limesurvey Limesurvey
1 Metasploit module
5.4
CVSSv3
CVE-2020-11456
LimeSurvey prior to 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
Limesurvey Limesurvey 4.1.12
Limesurvey Limesurvey
6.1
CVSSv3
CVE-2019-14512
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.
Limesurvey Limesurvey 3.17.7\\+190627
6.1
CVSSv3
CVE-2019-17660
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/ind...
Limesurvey Limesurvey
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »