Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2570 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in LimeSurvey (formerly PHPSurveyor) before 1.71 have unknown impact and attack vectors. | |||||
| CVE-2007-5573 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in classes/core/language.php in LimeSurvey 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter. | |||||
| CVE-2007-3632 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka PHPSurveyor) 1.49RC2 allow remote attackers to execute arbitrary PHP code via a URL in the homedir parameter to (1) OLE/PPS/File.php, (2) OLE/PPS/Root.php, (3) Spreadsheet/Excel/Writer.php, or (4) OLE/PPS.php in admin/classes/pear/; or (5) Worksheet.php, (6) Parser.php, (7) Workbook.php, (8) Format.php, or (9) BIFFwriter.php in admin/classes/pear/Spreadsheet/Excel/Writer/. | |||||
| CVE-2024-28709 | 1 Limesurvey | 1 Limesurvey | 2024-10-15 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. | |||||
| CVE-2024-28710 | 1 Limesurvey | 1 Limesurvey | 2024-10-15 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. | |||||
| CVE-2024-42903 | 1 Limesurvey | 1 Limesurvey | 2024-09-12 | N/A | 6.5 MEDIUM |
| A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to a malicious domain. | |||||