CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. Vulnerabilidad de Cross Site Scripting (XSS) en LimeSurvey anterior a la versión 6.2.9-230925 permite a un atacante remoto escalar privilegios a través de un script manipulado al componente _generaloptions_panel.php. • https://github.com/Hebing123/CVE-2023-44796/issues/1 https://github.com/Hebing123/cve/issues/4 https://github.com/LimeSurvey/LimeSurvey/pull/3483 https://github.com/limesurvey/limesurvey/commit/135511073c51c332613dd7fad9a8ca0aad34a3fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-43279
https://notcve.org/view.php?id=CVE-2022-43279
LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. Se descubrió que LimeSurvey v5.4.4 contiene una vulnerabilidad de inyección SQL a través del componente /application/views/themeOptions/update.php. • https://brick-pamphlet-d24.notion.site/LimeSurvey-V5-4-4-background-update-php-SQL-injection-50e8fd6eba4644bb941b2c8d6fb7979a https://github.com/LimeSurvey/LimeSurvey/commit/42920389f99cdd25449eb7ace57f24417e83b692 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •