LimeSurvey 3.21.1

CPE Details

LimeSurvey 3.21.1
limesurvey
limesurvey
3.21.1
2021-01-19
12h02 +00:00
2021-01-19
12h02 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:limesurvey:limesurvey:3.21.1:*:*:*:*:*:*:*

Informations

Vendor

limesurvey

Product

limesurvey

Version

3.21.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-28709 2024-10-07 00h00 +00:00 Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
6.1
Medium
CVE-2024-28710 2024-10-07 00h00 +00:00 Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
6.1
Medium
CVE-2024-42903 2024-09-03 00h00 +00:00 A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
6.5
Medium
CVE-2023-44796 2023-11-16 23h00 +00:00 Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
5.4
Medium
CVE-2022-29710 2022-05-24 21h56 +00:00 A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
6.1
Medium
CVE-2021-42112 2021-10-08 18h45 +00:00 The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
6.1
Medium
CVE-2020-25799 2020-12-31 16h06 +00:00 LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
5.4
Medium
CVE-2020-25797 2020-12-31 16h06 +00:00 LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters). When the survey participant being edited, e.g. by an administrative user, the JavaScript code will be executed in the browser.
5.4
Medium
CVE-2020-25798 2020-11-17 13h21 +00:00 A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
5.4
Medium
CVE-2020-11455 2020-04-01 13h48 +00:00 LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
9.8
Critical
CVE-2020-11456 2020-04-01 13h48 +00:00 LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
5.4
Medium
CVE-2012-4927 2012-09-15 15h00 +00:00 SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
7.5
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.