Lookup for vulnerable packages by Package URL.

Purl pkg:composer/limesurvey/limesurvey@3.0.2%2B180110
Type composer
Namespace limesurvey
Name limesurvey
Version 3.0.2+180110
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.15.4+250710
Latest_non_vulnerable_version 6.15.4+250710
Affected_by_vulnerabilities
0
url VCID-19rz-rdqw-13d1
vulnerability_id VCID-19rz-rdqw-13d1
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42112
reference_id
reference_type
scores
0
value 0.00576
scoring_system epss
scoring_elements 0.69187
published_at 2026-06-08T12:55:00Z
1
value 0.00576
scoring_system epss
scoring_elements 0.69202
published_at 2026-06-07T12:55:00Z
2
value 0.00576
scoring_system epss
scoring_elements 0.6921
published_at 2026-06-06T12:55:00Z
3
value 0.00576
scoring_system epss
scoring_elements 0.69201
published_at 2026-06-05T12:55:00Z
4
value 0.00576
scoring_system epss
scoring_elements 0.69162
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42112
1
reference_url https://bugs.limesurvey.org/view.php?id=17562
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.limesurvey.org/view.php?id=17562
2
reference_url https://github.com/LimeSurvey/LimeSurvey
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey
3
reference_url https://github.com/LimeSurvey/LimeSurvey/commit/d56619a50cfd191bbffd0adb660638a5e438070d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey/commit/d56619a50cfd191bbffd0adb660638a5e438070d
4
reference_url https://github.com/LimeSurvey/LimeSurvey/pull/2044
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey/pull/2044
5
reference_url https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_limesurvey_-_cve-2021-42112.pdf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_limesurvey_-_cve-2021-42112.pdf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-42112
reference_id CVE-2021-42112
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-42112
7
reference_url https://github.com/advisories/GHSA-h9ph-jcgh-gf69
reference_id GHSA-h9ph-jcgh-gf69
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h9ph-jcgh-gf69
fixed_packages
0
url pkg:composer/limesurvey/limesurvey@3.27.19
purl pkg:composer/limesurvey/limesurvey@3.27.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@3.27.19
1
url pkg:composer/limesurvey/limesurvey@3.27.19%2B210928
purl pkg:composer/limesurvey/limesurvey@3.27.19%2B210928
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hdx5-jfua-zqcz
1
vulnerability VCID-n97j-ct5m-nfdg
2
vulnerability VCID-tfza-pkrj-1fbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@3.27.19%252B210928
aliases CVE-2021-42112, GHSA-h9ph-jcgh-gf69
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19rz-rdqw-13d1
1
url VCID-f6e3-r5g9-qyda
vulnerability_id VCID-f6e3-r5g9-qyda
summary
Cross-site Scripting in LimeSurvey
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScript that is mishandled upon group deletion.
references
0
reference_url http://packetstormsecurity.com/files/154479/LimeSurvey-3.17.13-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/154479/LimeSurvey-3.17.13-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16172
reference_id
reference_type
scores
0
value 0.01388
scoring_system epss
scoring_elements 0.80696
published_at 2026-06-08T12:55:00Z
1
value 0.01388
scoring_system epss
scoring_elements 0.80675
published_at 2026-06-04T12:55:00Z
2
value 0.01388
scoring_system epss
scoring_elements 0.80701
published_at 2026-06-05T12:55:00Z
3
value 0.01388
scoring_system epss
scoring_elements 0.80703
published_at 2026-06-06T12:55:00Z
4
value 0.01388
scoring_system epss
scoring_elements 0.80699
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16172
2
reference_url http://seclists.org/fulldisclosure/2019/Sep/22
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Sep/22
3
reference_url https://github.com/LimeSurvey/LimeSurvey/commit/32d6a5224327b246ee3a2a08500544e4f80f9a9a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey/commit/32d6a5224327b246ee3a2a08500544e4f80f9a9a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16172
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16172
5
reference_url https://seclists.org/bugtraq/2019/Sep/27
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Sep/27
6
reference_url https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
7
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47386.txt
reference_id CVE-2019-16173;CVE-2019-16172
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47386.txt
8
reference_url https://github.com/advisories/GHSA-fr47-r224-c36m
reference_id GHSA-fr47-r224-c36m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fr47-r224-c36m
fixed_packages
0
url pkg:composer/limesurvey/limesurvey@3.17.14
purl pkg:composer/limesurvey/limesurvey@3.17.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@3.17.14
1
url pkg:composer/limesurvey/limesurvey@3.17.14%2B190902
purl pkg:composer/limesurvey/limesurvey@3.17.14%2B190902
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19rz-rdqw-13d1
1
vulnerability VCID-hdx5-jfua-zqcz
2
vulnerability VCID-n97j-ct5m-nfdg
3
vulnerability VCID-tfza-pkrj-1fbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@3.17.14%252B190902
aliases CVE-2019-16172, GHSA-fr47-r224-c36m
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f6e3-r5g9-qyda
2
url VCID-hdx5-jfua-zqcz
vulnerability_id VCID-hdx5-jfua-zqcz
summary
LimeSurvey is vulnerable to SQL injection
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database.
references
0
reference_url http://limesurvey.com
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T18:44:05Z/
url http://limesurvey.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-56421
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.05106
published_at 2026-06-06T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.0512
published_at 2026-06-05T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.0506
published_at 2026-06-08T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.051
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-56421
2
reference_url https://github.com/LimeSurvey/LimeSurvey
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey
3
reference_url https://github.com/LimeSurvey/LimeSurvey/commit/d6c3c780cdd17d5eef1c8c69ad0105beffa2374f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey/commit/d6c3c780cdd17d5eef1c8c69ad0105beffa2374f
4
reference_url https://github.com/LimeSurvey/LimeSurvey/pull/4328
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey/pull/4328
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-56421
reference_id CVE-2025-56421
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-56421
6
reference_url https://github.com/hongancalif/security-advisories/blob/main/CVE-2025-56421.md
reference_id CVE-2025-56421.MD
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-10T18:44:05Z/
url https://github.com/hongancalif/security-advisories/blob/main/CVE-2025-56421.md
7
reference_url https://github.com/advisories/GHSA-rccq-2fxq-7x3h
reference_id GHSA-rccq-2fxq-7x3h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rccq-2fxq-7x3h
fixed_packages
0
url pkg:composer/limesurvey/limesurvey@6.15.4
purl pkg:composer/limesurvey/limesurvey@6.15.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@6.15.4
1
url pkg:composer/limesurvey/limesurvey@6.15.4%2B250710
purl pkg:composer/limesurvey/limesurvey@6.15.4%2B250710
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@6.15.4%252B250710
aliases CVE-2025-56421, GHSA-rccq-2fxq-7x3h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hdx5-jfua-zqcz
3
url VCID-n97j-ct5m-nfdg
vulnerability_id VCID-n97j-ct5m-nfdg
summary
LimeSurvey Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.
references
0
reference_url http://limesurvey.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T17:04:24Z/
url http://limesurvey.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28710
reference_id
reference_type
scores
0
value 0.00633
scoring_system epss
scoring_elements 0.70785
published_at 2026-06-05T12:55:00Z
1
value 0.00633
scoring_system epss
scoring_elements 0.70792
published_at 2026-06-06T12:55:00Z
2
value 0.00633
scoring_system epss
scoring_elements 0.70775
published_at 2026-06-07T12:55:00Z
3
value 0.00633
scoring_system epss
scoring_elements 0.70762
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28710
2
reference_url https://github.com/LimeSurvey/LimeSurvey
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey
3
reference_url https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94bc1db275f20cbb27a3135a9bdfb7f10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T17:04:24Z/
url https://github.com/LimeSurvey/LimeSurvey/commit/c2fd60f94bc1db275f20cbb27a3135a9bdfb7f10
4
reference_url https://www.limesurvey.org
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.limesurvey.org
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28710
reference_id CVE-2024-28710
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28710
6
reference_url https://github.com/advisories/GHSA-632q-77qj-c89q
reference_id GHSA-632q-77qj-c89q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-632q-77qj-c89q
fixed_packages
0
url pkg:composer/limesurvey/limesurvey@6.5.0
purl pkg:composer/limesurvey/limesurvey@6.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@6.5.0
1
url pkg:composer/limesurvey/limesurvey@6.5.0%2B240319
purl pkg:composer/limesurvey/limesurvey@6.5.0%2B240319
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hdx5-jfua-zqcz
1
vulnerability VCID-tfza-pkrj-1fbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@6.5.0%252B240319
aliases CVE-2024-28710, GHSA-632q-77qj-c89q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n97j-ct5m-nfdg
4
url VCID-tfza-pkrj-1fbu
vulnerability_id VCID-tfza-pkrj-1fbu
summary
LimeSurvey Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
references
0
reference_url http://limesurvey.com
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T17:04:53Z/
url http://limesurvey.com
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28709
reference_id
reference_type
scores
0
value 0.01144
scoring_system epss
scoring_elements 0.78806
published_at 2026-06-05T12:55:00Z
1
value 0.01144
scoring_system epss
scoring_elements 0.78794
published_at 2026-06-08T12:55:00Z
2
value 0.01144
scoring_system epss
scoring_elements 0.78804
published_at 2026-06-07T12:55:00Z
3
value 0.01144
scoring_system epss
scoring_elements 0.78814
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28709
2
reference_url https://github.com/LimeSurvey/LimeSurvey
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey
3
reference_url https://github.com/LimeSurvey/LimeSurvey/commit/c844c4fba81cc26ffe6544bf095bad6252910bc0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-07T17:04:53Z/
url https://github.com/LimeSurvey/LimeSurvey/commit/c844c4fba81cc26ffe6544bf095bad6252910bc0
4
reference_url https://www.limesurvey.org
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.limesurvey.org
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28709
reference_id CVE-2024-28709
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28709
6
reference_url https://github.com/advisories/GHSA-c7xm-rwqj-pgcj
reference_id GHSA-c7xm-rwqj-pgcj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c7xm-rwqj-pgcj
fixed_packages
0
url pkg:composer/limesurvey/limesurvey@6.5.12
purl pkg:composer/limesurvey/limesurvey@6.5.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@6.5.12
1
url pkg:composer/limesurvey/limesurvey@6.5.12%2B240611
purl pkg:composer/limesurvey/limesurvey@6.5.12%2B240611
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hdx5-jfua-zqcz
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@6.5.12%252B240611
aliases CVE-2024-28709, GHSA-c7xm-rwqj-pgcj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfza-pkrj-1fbu
5
url VCID-vy7s-91sy-wqhz
vulnerability_id VCID-vy7s-91sy-wqhz
summary
Cross-site Scripting in LimeSurvey
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
references
0
reference_url http://packetstormsecurity.com/files/154479/LimeSurvey-3.17.13-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/154479/LimeSurvey-3.17.13-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16173
reference_id
reference_type
scores
0
value 0.0062
scoring_system epss
scoring_elements 0.70439
published_at 2026-06-07T12:55:00Z
1
value 0.0062
scoring_system epss
scoring_elements 0.70448
published_at 2026-06-05T12:55:00Z
2
value 0.0062
scoring_system epss
scoring_elements 0.70428
published_at 2026-06-08T12:55:00Z
3
value 0.0062
scoring_system epss
scoring_elements 0.70457
published_at 2026-06-06T12:55:00Z
4
value 0.0062
scoring_system epss
scoring_elements 0.70407
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16173
2
reference_url http://seclists.org/fulldisclosure/2019/Sep/22
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Sep/22
3
reference_url https://github.com/LimeSurvey/LimeSurvey/commit/f1c1ad2d24eb262363511fcca2e96ce737064006
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey/commit/f1c1ad2d24eb262363511fcca2e96ce737064006
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16173
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16173
5
reference_url https://seclists.org/bugtraq/2019/Sep/27
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Sep/27
6
reference_url https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.limesurvey.org/limesurvey-updates/2188-limesurvey-3-17-14-build-190902-released
7
reference_url https://github.com/advisories/GHSA-r5f2-4wf4-cv66
reference_id GHSA-r5f2-4wf4-cv66
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r5f2-4wf4-cv66
fixed_packages
0
url pkg:composer/limesurvey/limesurvey@3.17.14
purl pkg:composer/limesurvey/limesurvey@3.17.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@3.17.14
1
url pkg:composer/limesurvey/limesurvey@3.17.14%2B190902
purl pkg:composer/limesurvey/limesurvey@3.17.14%2B190902
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19rz-rdqw-13d1
1
vulnerability VCID-hdx5-jfua-zqcz
2
vulnerability VCID-n97j-ct5m-nfdg
3
vulnerability VCID-tfza-pkrj-1fbu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@3.17.14%252B190902
aliases CVE-2019-16173, GHSA-r5f2-4wf4-cv66
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vy7s-91sy-wqhz
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/limesurvey/limesurvey@3.0.2%252B180110