LimeSurvey 3.19.1

CPE Details

LimeSurvey 3.19.1
limesurvey
limesurvey
3.19.1
2019-10-31
14h44 +00:00
2019-10-31
14h44 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:limesurvey:limesurvey:3.19.1:*:*:*:*:*:*:*

Informations

Vendor

limesurvey

Product

limesurvey

Version

3.19.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-28709 2024-10-07 00h00 +00:00 Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
6.1
Moyen
CVE-2024-28710 2024-10-07 00h00 +00:00 Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
6.1
Moyen
CVE-2024-42903 2024-09-03 00h00 +00:00 A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain.
6.5
Moyen
CVE-2023-44796 2023-11-16 23h00 +00:00 Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
5.4
Moyen
CVE-2022-29710 2022-05-24 21h56 +00:00 A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.
6.1
Moyen
CVE-2021-42112 2021-10-08 18h45 +00:00 The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
6.1
Moyen
CVE-2020-25798 2020-11-17 13h21 +00:00 A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the survey attribute being edited or viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser.
5.4
Moyen
CVE-2020-11455 2020-04-01 13h48 +00:00 LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
9.8
Critique
CVE-2020-11456 2020-04-01 13h48 +00:00 LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).
5.4
Moyen
CVE-2019-17660 2019-10-16 13h28 +00:00 A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
6.1
Moyen
CVE-2012-4927 2012-09-15 15h00 +00:00 SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
7.5
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.