CVE-2020-22607
- EPSS 0.69%
- Veröffentlicht 28.06.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 05:13:18
Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/admin/PermissiontemplatesController.php.
CVE-2020-23710
- EPSS 0.55%
- Veröffentlicht 28.06.2021 16:15:08
- Zuletzt bearbeitet 21.11.2024 05:14:01
Cross Site Scripting (XSS) vulneraiblity in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
CVE-2019-25019
- EPSS 1.34%
- Veröffentlicht 14.02.2021 04:15:12
- Zuletzt bearbeitet 21.11.2024 04:39:45
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
CVE-2020-25799
- EPSS 0.7%
- Veröffentlicht 31.12.2020 18:15:13
- Zuletzt bearbeitet 21.11.2024 05:18:48
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
CVE-2020-25797
- EPSS 0.7%
- Veröffentlicht 31.12.2020 18:15:13
- Zuletzt bearbeitet 21.11.2024 05:18:48
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the brows...
CVE-2020-25798
- EPSS 0.64%
- Veröffentlicht 17.11.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 05:18:48
A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes o...
CVE-2020-16192
- EPSS 0.67%
- Veröffentlicht 05.08.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:06:54
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
CVE-2020-11456
- EPSS 70.84%
- Veröffentlicht 01.04.2020 16:15:27
- Zuletzt bearbeitet 21.11.2024 04:57:57
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
CVE-2020-11455
- EPSS 96.99%
- Veröffentlicht 01.04.2020 16:15:27
- Zuletzt bearbeitet 21.11.2024 04:57:57
LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
CVE-2019-14512
- EPSS 1.04%
- Veröffentlicht 16.03.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:26:52
LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelview_view.php.