CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
17 Nov 2023 — Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. Vulnerabilidad de Cross Site Scripting (XSS) en LimeSurvey anterior a la versión 6.2.9-230925 permite a un atacante remoto escalar privilegios a través de un script manipulado al componente _generaloptions_panel.php. • https://github.com/Hebing123/CVE-2023-44796/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29710
https://notcve.org/view.php?id=CVE-2022-29710
24 May 2022 — A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo uploadConfirm.php de LimeSurvey versiones v5.3.9 y anteriores, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de un plugin diseñado • https://github.com/LimeSurvey/LimeSurvey/commit/f7b35619a1c4b0893754594c7d5870fd599a0f9c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-10228
https://notcve.org/view.php?id=CVE-2018-10228
14 Dec 2021 — Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. Una vulnerabilidad de tipo Cross-site scripting (XSS) en el archivo /application/controller/admin/theme.php en LimeSurvey versión 3.6.2+180406, permite a atacantes remotos inyectar scripts web o HTML arbitrarios por medio del parámetro changes_cp al U... • http://limesurvey.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42112
https://notcve.org/view.php?id=CVE-2021-42112
08 Oct 2021 — The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. La funcionalidad "File upload question" en LimeSurvey versiones 3.x-LTS hasta 3.27.18, permite un ataque de tipo XSS en assets/scripts/modaldialog.js y assets/scripts/uploader.js • https://bugs.limesurvey.org/view.php?id=17562 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-25019
https://notcve.org/view.php?id=CVE-2019-25019
14 Feb 2021 — LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. LimeSurvey versiones anteriores a 4.0.0-RC4, permite una inyección SQL por medio del modelo participant • https://community.limesurvey.org/release/191008 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25799
https://notcve.org/view.php?id=CVE-2020-25799
31 Dec 2020 — LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. LimeSurvey versión 3.21.1, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en el componente Quota de la página Survey. Cuando es visualizada una cuota de la encuesta, por ejemplo, por un usuario administrativo, el código JavaScript será ejecutado en el navega... • https://bugs.limesurvey.org/view.php?id=15681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25797
https://notcve.org/view.php?id=CVE-2020-25797
31 Dec 2020 — LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser. LimeSurvey versión 3.21.1, está afectado por una vulnerabilidad de tipo cross-site scripting (XSS) en la Función Add Participants (parámetros first y last name). Cuando el participante de la encuesta sea editado, por ejemplo, por un usuario administrati... • https://bugs.limesurvey.org/view.php?id=15680 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-25798
https://notcve.org/view.php?id=CVE-2020-25798
17 Nov 2020 — A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en LimeSurvey version... • https://bugs.limesurvey.org/view.php?id=15672 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 92%CPEs: 3EXPL: 2CVE-2020-11455 – LimeSurvey 4.1.11 - 'File Manager' Path Traversal
https://notcve.org/view.php?id=CVE-2020-11455
01 Apr 2020 — LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. LimeSurvey versiones anteriores a 4.1.12+200324, contiene una vulnerabilidad de salto de ruta en el archivo application/controllers/admin/LimeSurveyFileManager.php. LimeSurvey version 4.1.11 suffers from a File Manager path traversal vulnerability. • https://www.exploit-db.com/exploits/48297 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 2CVE-2020-11456 – LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-11456
01 Apr 2020 — LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). LimeSurvey versiones anteriores a 4.1.12+200324, presenta una vulnerabilidad de tipo XSS almacenado en los archivos application/views/admin/surveysgroups/surveySettings.php y application/models/SurveysGroups.php (también se conoce como survey groups). LimeSurvey version 4.1.11 suffers from a Survey Groups persistent cross site scripting vuln... • https://www.exploit-db.com/exploits/48289 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •