Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

38 matches found

RedhatCVE
RedhatCVEadded 2026/04/10 7:23 p.m.0 views

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

6.1CVSS5.8AI score0.00044EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/04/09 12:0 a.m.2 views

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

5.9AI score0.00044EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/04/09 12:0 a.m.1 views

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

5.8AI score0.00044EPSS
Exploits1References2
CNNVD
CNNVDadded 2026/04/09 12:0 a.m.2 views

LimeSurvey(PHPSurveyor) 安全漏洞

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Versions of LimeSurvey PHPSurveyor prior to 6.15.11+250909 had security...

6.1CVSS5.7AI score0.00044EPSS
Exploits1References3
RedhatCVE
RedhatCVEadded 2026/03/11 7:9 a.m.3 views

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

7.5CVSS5.9AI score0.00018EPSS
Exploits0References1
Snyk
Snykadded 2026/03/10 8:43 p.m.1 views

SQL Injection

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to SQL Injection via the statistics module. An attacker can access sensitive information by injecting malicious SQL statements. Remediation Upgrade limesurvey/limesurvey to...

8.7CVSS6AI score0.00018EPSS
Exploits0References2
Github Security Blog
Github Security Blogadded 2026/03/10 6:31 p.m.4 views

LimeSurvey is vulnerable to SQL injection

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

7.5CVSS5.9AI score0.00018EPSS
Exploits0References6Affected Software1
OSV
OSVadded 2026/03/10 6:17 p.m.4 views

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

7.5CVSS6AI score0.00018EPSS
Exploits0References2
CNNVD
CNNVDadded 2026/03/10 12:0 a.m.2 views

LimeSurvey 安全漏洞

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Versions of LimeSurvey prior to 6.15.0+250623 had security vulnerabilities, which...

9.8CVSS6.3AI score0.00199EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/11/21 1:34 p.m.5 views

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.9CVSS6.7AI score0.00041EPSS
Exploits0References1
OSV
OSVadded 2025/11/20 3:17 p.m.5 views

CVE-2025-41074

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which ca...

7.5CVSS6.7AI score
Exploits0References1
NVD
NVDadded 2025/11/20 3:17 p.m.8 views

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.9CVSS0.00041EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 10:31 a.m.5 views

CVE-2024-42901

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...

4.8CVSS8AI score0.00161EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/23 10:7 a.m.11 views

CVE-2024-24506

Cross Site Scripting XSS vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function...

6.1CVSS6.5AI score0.00366EPSS
Exploits4References1
Positive Technologies
Positive Technologiesadded 2024/10/07 12:0 a.m.2 views

PT-2024-22530 · Unknown · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 6.5.12+240611 Description: A Cross Site Scripting vulnerability allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. This issue enables the execution of arbitrar...

6.1CVSS7.8AI score0.01144EPSS
Exploits0References13
GithubExploit
GithubExploitadded 2024/10/05 8:30 a.m.80 views

Exploit for Cross-site Scripting in Limesurvey

CVE-2019-16172 The CVE-2019-16172 Scanner is designed to check...

5.4CVSS6.6AI score0.01388EPSS
Exploits7
OSV
OSVadded 2024/09/03 6:15 p.m.2 views

CVE-2024-42901

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...

4.8CVSS7.3AI score0.00161EPSS
Exploits1References2
CVE
CVEadded 2024/09/03 12:0 a.m.54 views

CVE-2024-42901

Summary: CVE-2024-42901 affects LimeSurvey v6.5.12, where a crafted CSV file upload can trigger a CSV injection that may lead to arbitrary code execution. Details from sources: The vulnerability is described as a CSV injection vulnerability in LimeSurvey v6.5.12 that allows attackers to execute a...

4.8CVSS8AI score0.00161EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2024/09/03 12:0 a.m.15 views

CVE-2024-42901

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...

8.2AI score0.00161EPSS
Exploits1References2
CNNVD
CNNVDadded 2024/08/17 12:0 a.m.2 views

LimeSurvey 安全漏洞

LimeSurvey PHPSurveyor is an open source online questionnaire program from the LimeSurvey team, which supports survey program development, questionnaire publishing, and data collection. A security vulnerability exists in LimeSurvey version 6.3.0-231016, which stems from a denial of service due to...

5.1CVSS4.1AI score0.00032EPSS
Exploits1References5
Rows per page
Query Builder