9 matches found
EUVD-2020-3810
Malware in sbrugna...
BIT-LIMESURVEY-2020-11456
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php aka survey groups...
The user can put their survey in the survey groups even though this survey group is not in public mode
Description The user can put their survey in the survey groups even though this survey group is not in public mode Proof of Concept Step 1: The survey group SG03 isn't in public mode \ Step 2: In the "Survey groups" tab, User2 with only survey permission only sees the survey group Default \ Step ...
Stored XSS in Survey Groups Function
Description By Injecting the payloads to the fields Title, Description, users who visited "Survey list" screen maybe compromises Proof of Concept Step 1: Login as Administrator, go to the "Survey list" screen function, click "create survey group" button. Step 2: Inject the payload to the fields...
LimeSurvey 4.1.11 Cross Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...
LimeSurvey 4.1.11 - (Survey Groups) Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE :...
LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting
Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...
CVE-2020-11456
LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php aka survey groups...
PT-2020-12622 · Limesurvey · Limesurvey
Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 4.1.12+200324 Description: The issue concerns stored XSS in certain files, specifically in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php, which is related to...