Limesurvey : Security Vulnerabilities, CVEs, Published In 2012
Cross-site scripting (XSS) vulnerability in admin/userrighthandling.php in LimeSurvey before 1.91+ Build 120224 allows remote attackers to inject arbitrary web script or HTML via the full_name parameter in a moduser action to admin/admin.php. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.25%
Published
2012-09-19
Updated
2017-08-29
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.
Max CVSS
6.5
EPSS Score
0.20%
Published
2012-09-19
Updated
2017-08-29
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
Max CVSS
7.5
EPSS Score
0.40%
Published
2012-09-15
Updated
2017-08-29
3 vulnerabilities found