Identifier | Related Record | Severity | Date Published | Description | Versions Affected |
---|---|---|---|---|---|
CVE-2024-42903 | BDSA-2024-6089 | Medium | Sep 03, 2024 | A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted p... | 3.29.2, 3.29.1, 3.29.0, 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86 |
CVE-2024-28710 | BDSA-2024-7050 | Medium | Oct 07, 2024 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation... | 3.29.2, 3.29.1, 3.29.0, 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86 |
CVE-2024-28709 |  | Medium | Oct 07, 2024 | Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the ti... | 3.29.2, 3.29.1, 3.29.0, 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86 |
CVE-2023-44796 | BDSA-2023-3217 | Medium | Nov 18, 2023 | Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script... | 3.29.2, 3.29.1, 3.29.0, 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86 |
CVE-2022-29710 | BDSA-2022-1444 | Medium | May 25, 2022 | A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTM... | 3.29.2, 3.29.1, 3.29.0, 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86 |
CVE-2020-11456 |  | Medium | Apr 01, 2020 | LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (ak... | 3.29.2, 3.29.1, 3.29.0, 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86 |
CVE-2020-11455 |  | Critical | Apr 01, 2020 | LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. | 3.29.2, 3.29.1, 3.29.0, 2.2.5, 3.3.1, 3.1.0, 1.1.0, 1.91, 1.87, 1.86 |
BDSA-2024-6093 |  | Medium | Sep 06, 2024 | An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload int... |  |
BDSA-2024-6091 |  | High | Sep 06, 2024 | A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. **Note: CVE details... |  |
BDSA-2024-5562 |  | Low | Aug 19, 2024 | A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /i... |  |