NotCVE - vendor:"Limesurvey" product:"Limesurvey" version:"4.3.2"

3 results (0.004 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-44796

https://notcve.org/view.php?id=CVE-2023-44796

Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. Vulnerabilidad de Cross Site Scripting (XSS) en LimeSurvey anterior a la versión 6.2.9-230925 permite a un atacante remoto escalar privilegios a través de un script manipulado al componente _generaloptions_panel.php. • https://github.com/Hebing123/CVE-2023-44796/issues/1 https://github.com/Hebing123/cve/issues/4 https://github.com/LimeSurvey/LimeSurvey/pull/3483 https://github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-29710

https://notcve.org/view.php?id=CVE-2022-29710

A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo uploadConfirm.php de LimeSurvey versiones v5.3.9 y anteriores, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un plugin diseñado • https://github.com/LimeSurvey/LimeSurvey/commit/f7b35619a1c4b0893754594c7d5870fd599a0f9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-16192

https://notcve.org/view.php?id=CVE-2020-16192

LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. LimeSurvey versión 4.3.2, permite un ataque de tipo XSS reflejado porque el archivo application/controllers/LSBaseController.php carece de código para comprobar los parámetros • https://github.com/LimeSurvey/LimeSurvey/pull/1479/commits/4109a8d157e46c48ca34b995ef61a6e0f6905236 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •