Limesurvey: >> Limesurvey >> 3.21.1 Security Vulnerabilities
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-12-31
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-12-31
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-11-17
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
CVSS Score
9.8
EPSS Score
0.939
Published
2020-04-01
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-01
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
CVSS Score
7.5
EPSS Score
0.021
Published
2012-09-15
Page 2