Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
---|---|---|---|---|---|
CVE-2023-44796 | BDSA-2023-3217 | Medium | Nov 18, 2023 | Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script... | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2022-29710 | BDSA-2022-1444 | Medium | May 25, 2022 | A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTM... | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2021-42112 | BDSA-2021-3050 | Medium | Oct 08, 2021 | The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.... | 2.2.5, 3.3.1, 3.1.0, 1.1.0 |
CVE-2020-25798 | BDSA-2020-3397 | Medium | Nov 17, 2020 | A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inje... | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2020-11456 | | Medium | Apr 01, 2020 | LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (ak... | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2020-11455 | | Critical | Apr 01, 2020 | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2019-9960 | BDSA-2019-0827 | Critical | Mar 24, 2019 | The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1+190225 allows a relative path. | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2019-25019 | BDSA-2021-0372 | Critical | Feb 14, 2021 | LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model. | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2019-17660 | | Medium | Oct 16, 2019 | A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inje... | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |
CVE-2019-16187 | BDSA-2019-2993 | High | Sep 09, 2019 | Limesurvey before 3.17.14 uses an anti-CSRF cookie without the HttpOnly flag, which allows attackers to access a cookie value via a client-side script. ... | 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86, 1.85, 1.82, 1.81 |