Denis Chenu

28 exploits, active since Jun 2015
CVE-2023-44796 WRITEUP MEDIUM
LimeSurvey < 6.2.9 - Cross-Site Scripting in _generaloptions_panel.php
A Cross-Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component.
CVSS 5.4
CVE-2024-28710 WRITEUP MEDIUM
LimeSurvey < 6.5.0+240319 - Stored Cross-Site Scripting in Alert Widget Message Component
A Cross-Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
CVSS 6.1
CVE-2024-6933 WRITEUP MEDIUM
LimeSurvey 6.5.14-6.6.2 - SQL Injection via Survey General Settings Language Parameter
A flaw has been found in LimeSurvey 6.5.14-240624. It affects the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings in the Survey General Settings Handler component. Manipulating the argument Language causes SQL injection. The attack can be carried out remotely. The exploit has been published and may be used. Upgrading to version 6.6.2+240827 can resolve this issue. Patch name: d656d2c7980b7642560977f4780e64533a68e13d. You should upgrade the affected component.
CVSS 6.3