CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. Vulnerabilidad de Cross Site Scripting (XSS) en LimeSurvey anterior a la versión 6.2.9-230925 permite a un atacante remoto escalar privilegios a través de un script manipulado al componente _generaloptions_panel.php. • https://github.com/Hebing123/CVE-2023-44796/issues/1 https://github.com/Hebing123/cve/issues/4 https://github.com/LimeSurvey/LimeSurvey/pull/3483 https://github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29710
https://notcve.org/view.php?id=CVE-2022-29710
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo uploadConfirm.php de LimeSurvey versiones v5.3.9 y anteriores, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un plugin diseñado • https://github.com/LimeSurvey/LimeSurvey/commit/f7b35619a1c4b0893754594c7d5870fd599a0f9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-25019
https://notcve.org/view.php?id=CVE-2019-25019
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. LimeSurvey versiones anteriores a 4.0.0-RC4, permite una inyección SQL por medio del modelo participant • https://community.limesurvey.org/release/191008 https://github.com/LimeSurvey/LimeSurvey/blob/master/docs/release_notes.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 91%CPEs: 3EXPL: 2CVE-2020-11455 – LimeSurvey 4.1.11 - 'File Manager' Path Traversal
https://notcve.org/view.php?id=CVE-2020-11455
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. LimeSurvey versiones anteriores a 4.1.12+200324, contiene una vulnerabilidad de salto de ruta en el archivo application/controllers/admin/LimeSurveyFileManager.php. LimeSurvey version 4.1.11 suffers from a File Manager path traversal vulnerability. • https://www.exploit-db.com/exploits/48297 http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b https://www.secsignal.org/en/news/cve-2019-9960-arbitrary-file-download-in-limesurvey https://github.com/LimeSurvey/LimeSurvey/commit/1ed10d3c423187712b8f6a8cb2bc9d5cc3b2deb8 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 2CVE-2020-11456 – LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11456
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). LimeSurvey versiones anteriores a 4.1.12+200324, presenta una vulnerabilidad de tipo XSS almacenado en los archivos application/views/admin/surveysgroups/surveySettings.php y application/models/SurveysGroups.php (también se conoce como survey groups). LimeSurvey version 4.1.11 suffers from a Survey Groups persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/48289 http://packetstormsecurity.com/files/157114/LimeSurvey-4.1.11-Cross-Site-Scripting.html https://github.com/LimeSurvey/LimeSurvey/commit/04b118acce2a74306f365ef329cbe00efc399b26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •