CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
17 Nov 2023 — Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. Vulnerabilidad de Cross Site Scripting (XSS) en LimeSurvey anterior a la versión 6.2.9-230925 permite a un atacante remoto escalar privilegios a través de un script manipulado al componente _generaloptions_panel.php. • https://github.com/Hebing123/CVE-2023-44796/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29710
https://notcve.org/view.php?id=CVE-2022-29710
24 May 2022 — A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo uploadConfirm.php de LimeSurvey versiones v5.3.9 y anteriores, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un plugin diseñado • https://github.com/LimeSurvey/LimeSurvey/commit/f7b35619a1c4b0893754594c7d5870fd599a0f9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-16192
https://notcve.org/view.php?id=CVE-2020-16192
05 Aug 2020 — LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. LimeSurvey versión 4.3.2, permite un ataque de tipo XSS reflejado porque el archivo application/controllers/LSBaseController.php carece de código para comprobar los parámetros • https://github.com/LimeSurvey/LimeSurvey/pull/1479/commits/4109a8d157e46c48ca34b995ef61a6e0f6905236 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •