CRITICAL 9.8 CVE-2020-11455 LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
from 0, < 4.1.12, >= 4.1.12-200324, < 4.1.12, >= 4.1.12, < 4.1.13
CRITICAL 9.8 CVE-2022-48008 An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted…
>= 5.4.15, < 5.4.16
HIGH 8.8 An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted…
from 0, < 6.15.5
HIGH 8.8 A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote…
>= 5.2.4, < 5.2.5
HIGH 7.2 LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.p…
>= 5.4.4, < 5.4.5
MEDIUM 6.5 A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users…
from 0, < 6.15.5
MEDIUM 6.1 LimeSurvey Cross Site Scripting vulnerability
from 0, < 6.5.12
MEDIUM 6.1 LimeSurvey Cross Site Scripting vulnerability
from 0, < 6.5.0
MEDIUM 6.1 LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
>= 4.3.2, < 4.3.3
MEDIUM 6.1 Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/ad…
>= 4.1.11, < 4.1.12
MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web sc…
from 0, < 5.3.10
MEDIUM 6.1 Cross-site Scripting in Limesurvey
>= 3.0.0, < 3.27.19
MEDIUM 5.4 LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGr…
from 0, < 4.1.12, >= 4.1.12-200324, < 4.1.12, >= 4.1.12, < 4.1.13
MEDIUM 5.4 Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
>= 4.2.5, < 4.2.6
MEDIUM 5.4 LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters).
>= 3.21.1, < 3.21.2
MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permiss…
from 0, < 3.21.2
MEDIUM 5.4 LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page.
>= 3.21.1, < 3.21.2
MEDIUM 5.4 LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministra…
>= 5.4.15, < 5.4.16
MEDIUM 5.4 Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a cr…
from 0, < 6.2.9
MEDIUM 4.8 A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.
from 0, < 6.15.5
—Multiple vulnerabilities in Limesurvey
>= 6.13.0, < 6.15.5
—Multiple vulnerabilities in Limesurvey
>= 6.13.0, < 6.15.5
—Multiple vulnerabilities in Limesurvey
>= 6.13.0, < 6.15.5