NVD - Results

Sort results by:

Search Results (Refine Search)

Search Parameters:

Results Type: Overview
Keyword (text search): cpe:2.3:a:limesurvey:limesurvey:3.22.2:*:*:*:*:*:*:*
CPE Name Search: true

There are 6 matching records.

Displaying matches 1 through 6.

Vuln ID	Summary	CVSS Severity
CVE-2023-44796	Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. Published: November 17, 2023; 7:15:07 PM -0500	V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available)
CVE-2022-29710	A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. Published: May 24, 2022; 9:15:07 PM -0400	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2021-42112	The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. Published: October 08, 2021; 5:15:07 PM -0400	V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM
CVE-2020-11456	LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups). Published: April 01, 2020; 12:15:27 PM -0400	V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW
CVE-2020-11455	LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. Published: April 01, 2020; 12:15:27 PM -0400	V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH
CVE-2012-4927	SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. Published: September 15, 2012; 1:55:08 PM -0400	V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH