Attacker Value
Unknown

CVE-2019-16177

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
In Limesurvey before 3.17.14, the entire database is exposed through browser caching.
Attacker Value
Unknown

CVE-2019-16182

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files.
Attacker Value
Unknown

CVE-2019-16183

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions.
Attacker Value
Unknown

CVE-2019-16180

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
Limesurvey before 3.17.14 allows remote attackers to bruteforce the login form and enumerate usernames when the LDAP authentication method is used.
Attacker Value
Unknown

CVE-2019-16174

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
An XML injection vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to import specially crafted XML files and execute code or compromise data integrity.
Attacker Value
Unknown

CVE-2019-16184

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
A CSV injection vulnerability was found in Limesurvey before 3.17.14 that allows survey participants to inject commands via their survey responses that will be included in the export CSV file.
Attacker Value
Unknown

CVE-2019-16175

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
A clickjacking vulnerability was found in Limesurvey before 3.17.14.
Attacker Value
Unknown

CVE-2019-16186

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.
Attacker Value
Unknown

CVE-2019-16172

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.
Attacker Value
Unknown

CVE-2019-16173

Disclosure Date: September 09, 2019 (last updated November 27, 2024)
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,