LimeSurvey 5.4.15

CPE Details

LimeSurvey 5.4.15
limesurvey
limesurvey
5.4.15
2023-11-01
15h06 +00:00
2023-11-01
15h06 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:limesurvey:limesurvey:5.4.15:*:*:*:*:*:*:*

Informations

Vendor

limesurvey

Product

limesurvey

Version

5.4.15

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-28709 2024-10-07 00h00 +00:00 Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
6.1
Moyen
CVE-2024-28710 2024-10-07 00h00 +00:00 Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
6.1
Moyen
CVE-2024-42903 2024-09-03 00h00 +00:00 A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
6.5
Moyen
CVE-2023-44796 2023-11-16 23h00 +00:00 Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
5.4
Moyen
CVE-2022-48008 2023-01-27 00h00 +00:00 An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.
9.8
Critique
CVE-2022-48010 2023-01-26 23h00 +00:00 LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.
5.4
Moyen
CVE-2012-4927 2012-09-15 15h00 +00:00 SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
7.5
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.