CVE-2018-20322
- EPSS 1.11%
- Veröffentlicht 21.12.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:01:13
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators. Fixed in version 3.15.6.
CVE-2018-17003
- EPSS 1.01%
- Veröffentlicht 21.09.2018 17:29:06
- Zuletzt bearbeitet 21.11.2024 03:53:40
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveyls_title parameter to /index.php?r=admin/survey/sa/insert.
CVE-2018-17057
- EPSS 26.17%
- Veröffentlicht 14.09.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:53:47
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
CVE-2018-1000659
- EPSS 3.56%
- Veröffentlicht 06.09.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:20
LimeSurvey version 3.14.4 and earlier contains a directory traversal in file upload that allows upload of webshell vulnerability in file upload functionality that can result in remote code execution as authenticated user. This attack appear to be exp...
CVE-2018-1000658
- EPSS 2.14%
- Veröffentlicht 06.09.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:20
LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive...
CVE-2018-16397
- EPSS 1.04%
- Veröffentlicht 03.09.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:52:40
In LimeSurvey before 3.14.7, an admin user can leverage a "file upload" question to read an arbitrary file,
CVE-2018-1000514
- EPSS 0.34%
- Veröffentlicht 26.06.2018 16:29:01
- Zuletzt bearbeitet 21.11.2024 03:40:05
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x.
CVE-2018-1000513
- EPSS 0.71%
- Veröffentlicht 26.06.2018 16:29:01
- Zuletzt bearbeitet 21.11.2024 03:40:05
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x.
CVE-2018-7556
- EPSS 2.01%
- Veröffentlicht 28.02.2018 07:29:00
- Zuletzt bearbeitet 21.11.2024 04:12:21
LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before 3.4.2 mishandles application/controller/InstallerController.php after installation, which allows remote attackers to access the configuration file.
CVE-2018-1000053
- EPSS 0.6%
- Veröffentlicht 09.02.2018 23:29:01
- Zuletzt bearbeitet 21.11.2024 03:39:32
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery (CSRF) vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear t...