11 matches found
CVE-2019-16186
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions...
EUVD-2014-4915
Malware in sbrugna...
EUVD-2019-5687
Malware in sbrugna...
EUVD-2019-7004
Malware in sbrugna...
EUVD-2020-18443
Malware in sbrugna...
EUVD-2019-6994
Malware in sbrugna...
EUVD-2019-6996
Malware in sbrugna...
BIT-LIMESURVEY-2024-42902
An issue in the jslocalize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the jslocalize.php function...
CVE-2020-16192
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters...
PT-2024-30196 · Unknown · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions 6.6.2 and earlier Description: An issue in the js localize.php function allows attackers to execute arbitrary code via injecting a crafted payload into the lng parameter of the js localize.php function. This issue enables...
Cross site request forgery (csrf)
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery CSRF vulnerability in Boxes that can result in CSRF admins to delete boxes. This vulnerability appears to have been fixed in 3.6.x...