Page 6 of 60 results (0.003 seconds)

CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16183

https://notcve.org/view.php?id=CVE-2019-16183

In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. En Limesurvey versiones anteriores a 3.17.14, usuarios administradores pueden ejecutar una comprobación de integridad sin los permisos apropiados. • https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R50 https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released • CWE-276: Incorrect Default Permissions •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16184

https://notcve.org/view.php?id=CVE-2019-16184

A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file. Se encontró una vulnerabilidad de inyección CSV en Limesurvey versiones anteriores a 3.17.14, que permite a los participantes de la encuesta inyectar comandos por medio de sus respuestas a la encuesta que se incluirán en el archivo CSV de exportación. • https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R46 https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16185

https://notcve.org/view.php?id=CVE-2019-16185

In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions. En Limesurvey versiones anteriores a 3.17.14, usuarios administradores pueden visualizar, actualizar o eliminar entradas de menú reservadas sin permisos apropiados. • https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R51 https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released • CWE-276: Incorrect Default Permissions •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16186

https://notcve.org/view.php?id=CVE-2019-16186

In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions. En Limesurvey versiones anteriores a 3.17.14, usuarios administradores pueden acceder al administrador de plugins sin permisos apropiados. • https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R49 https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released • CWE-276: Incorrect Default Permissions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2019-16187

https://notcve.org/view.php?id=CVE-2019-16187

Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. Limesurvey versiones anteriores a 3.17.14, utiliza una cookie anti-CSRF sin el flag HttpOnly, lo que permite a atacantes acceder a un valor de cookie por medio de un script del lado del cliente. • https://github.com/LimeSurvey/LimeSurvey/commit/5870fd1037058bc4e43cccf893b576c72293371e#diff-d539f3f8185667ee48db78e1bf65a3b4R48 https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released • CWE-732: Incorrect Permission Assignment for Critical Resource •