
CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

17 Nov 2023 — Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. • https://github.com/Hebing123/CVE-2023-44796/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Jan 2023 — An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. • https://github.com/Sakura-501/LimeSurvey-5.4.15-PluginUploadtoRCE • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Jan 2023 — LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allo... • https://github.com/Sakura-501/LimeSurvey-5.4.15-Stored-XSS-in-surveytexts • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •