4 matches found
CVE-2020-11455
CVE-2020-11455 affects LimeSurvey versions before 4.1.12+200324, exposing a path traversal vulnerability in the file manager (application/controllers/admin/LimeSurveyFileManager.php). The path traversal in getZipFile allows arbitrary file download, with reports noting the retrie...
CVE-2020-11456
LimeSurvey before 4.1.12+200324 is affected by a stored XSS in the admin area, specifically in the files application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (survey groups). The vulnerability allows injection via the title parameter in the Survey Grou...
PT-2020-12621 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324. Description: The issue is related to a path traversal vulnerability. It affects the file application/controllers/admin/LimeSurveyFileManager.php. Recommendations: For versions prior to 4.1.12+200324,...
PT-2020-12622 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324. Description: The issue concerns stored XSS in certain files, specifically in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php, which is related to...