Lucene search
K

52 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.9 views

CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

8.8CVSS5.5AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 6:17 p.m.11 views

CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

8.8CVSS0.00372EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/10 7:23 p.m.2 views

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

6.1CVSS5.8AI score0.00227EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/09 12:0 a.m.2 views

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

5.8AI score0.00227EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.6 views

LimeSurvey(PHPSurveyor) 安全漏洞

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Versions of LimeSurvey PHPSurveyor prior to 6.15.11+250909 had security...

6.1CVSS5.7AI score0.00227EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 12:0 a.m.3 views

CVE-2025-63238

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

5.9AI score0.00227EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/11 7:9 a.m.5 views

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

7.5CVSS5.9AI score0.00468EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/10 8:43 p.m.3 views

SQL Injection

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to SQL Injection via the statistics module. An attacker can access sensitive information by injecting malicious SQL statements. Remediation Upgrade limesurvey/limesurvey to...

8.7CVSS6AI score0.00468EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/10 6:31 p.m.6 views

LimeSurvey is vulnerable to SQL injection

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

7.5CVSS5.9AI score0.00468EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/03/10 6:17 p.m.5 views

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

7.5CVSS6AI score0.00468EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.4 views

LimeSurvey 安全漏洞

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Versions of LimeSurvey prior to 6.15.0+250623 had security vulnerabilities, which...

9.8CVSS6.3AI score0.00883EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/10 12:0 a.m.2 views

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

5.9AI score0.00468EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:33 a.m.9 views

CVE-2024-39063

Lime Survey = 6.5.12 is vulnerable to Cross Site Request Forgery CSRF. The YIICSRFTOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests...

8.8CVSS6.9AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/21 1:34 p.m.6 views

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.9CVSS6.7AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 2025/11/20 3:17 p.m.7 views

CVE-2025-41074

Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. This behavior can be exploited to generate a Denegation of Service DoS attack, by exhausting server or client resources. The system is unable to break the redirect loop, which ca...

7.5CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2025/11/20 3:17 p.m.16 views

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

6.9CVSS0.0023EPSS
Exploits0References1
OSV
OSV
added 2025/07/04 7:40 a.m.1 views

BIT-LIMESURVEY-2024-42901

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...

4.8CVSS7.4AI score0.004EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.8 views

CVE-2024-42901

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...

4.8CVSS8AI score0.004EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:7 a.m.21 views

CVE-2024-24506

Cross Site Scripting XSS vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function...

6.1CVSS6.5AI score0.00677EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.6 views

PT-2024-22530 · Unknown · Limesurvey

Name of the Vulnerable Software and Affected Versions: LimeSurvey versions prior to 6.5.12+240611 Description: A Cross Site Scripting vulnerability allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. This issue enables the execution of arbitrar...

6.1CVSS7.8AI score0.00535EPSS
Exploits0References13
Rows per page
Query Builder