Limesurvey

Limesurvey

80 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.3%
  • Veröffentlicht 09.07.2024 20:15:12
  • Zuletzt bearbeitet 30.01.2026 20:52:36

Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests.

Exploit
  • EPSS 0.68%
  • Veröffentlicht 03.04.2024 07:15:42
  • Zuletzt bearbeitet 30.01.2026 21:02:09

Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function.

Exploit
  • EPSS 0.68%
  • Veröffentlicht 18.11.2023 00:15:07
  • Zuletzt bearbeitet 21.11.2024 08:26:02

Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.

Exploit
  • EPSS 0.48%
  • Veröffentlicht 27.01.2023 18:15:15
  • Zuletzt bearbeitet 21.11.2024 07:32:41

LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scr...

Exploit
  • EPSS 1.27%
  • Veröffentlicht 27.01.2023 18:15:15
  • Zuletzt bearbeitet 28.03.2025 17:15:24

An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.

Exploit
  • EPSS 0.86%
  • Veröffentlicht 15.11.2022 21:15:38
  • Zuletzt bearbeitet 21.11.2024 07:26:11

LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.php.

  • EPSS 0.73%
  • Veröffentlicht 25.05.2022 01:15:07
  • Zuletzt bearbeitet 21.11.2024 06:59:35

A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.

Exploit
  • EPSS 13.4%
  • Veröffentlicht 24.02.2022 15:15:24
  • Zuletzt bearbeitet 20.02.2025 03:15:11

A Remote Code Execution (RCE) vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally ...

  • EPSS 0.81%
  • Veröffentlicht 14.12.2021 19:15:07
  • Zuletzt bearbeitet 09.07.2026 00:16:50

Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavech...

Exploit
  • EPSS 1.48%
  • Veröffentlicht 08.10.2021 21:15:07
  • Zuletzt bearbeitet 21.11.2024 06:27:17

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.