Shodan
Vulnerabilities
Vulnerable Software
Limesurvey:  >> Limesurvey  >> 3.6.2  Security Vulnerabilities
CVE-2024-28709
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-10-07
CVE-2024-28710
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-10-07
CVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-09-03
CVE-2024-42902
An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js_localize.php function
CVSS Score
8.8
EPSS Score
0.002
Published
2024-09-03
CVE-2024-42903
A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-09-03
CVE-2023-44796
Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-18
CVE-2022-29710
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
CVSS Score
6.1
EPSS Score
0.003
Published
2022-05-25
CVE-2018-10228
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-12-14
CVE-2021-42112
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-10-08
CVE-2019-25019
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-02-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved