CVE-2023-44796
https://notcve.org/view.php?id=CVE-2023-44796
17 Nov 2023 — Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. • https://github.com/Hebing123/CVE-2023-44796/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43279
https://notcve.org/view.php?id=CVE-2022-43279
15 Nov 2022 — LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. LimeSurvey v5.4.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php. • https://brick-pamphlet-d24.notion.site/LimeSurvey-V5-4-4-background-update-php-SQL-injection-50e8fd6eba4644bb941b2c8d6fb7979a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') • CWE-94: Improper Control of Generation of Code ('Code Injection')