CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

748 matches found

LimeSurvey 4.1.11 - Local File Inclusion

LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. id: CVE-2020-11455 info: name: LimeSurvey 4.1.11 - Local File Inclusion author: daffainfo severity: critical...

9.8CVSS7.3AI score0.93169EPSS

Exploits6References5

RedhatCVE•added 2026/04/10 1:22 a.m.•1 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.1CVSS6.3AI score0.00077EPSS

Exploits1References1

EUVD•added 2026/04/09 6:31 p.m.•2 views

EUVD-2025-209390

A Reflected Cross-Site Scripting XSS affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user...

5.9AI score0.00044EPSS

Exploits1References3

EUVD•added 2026/04/09 6:31 p.m.•2 views

EUVD-2025-209392

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.1CVSS6.3AI score0.00077EPSS

Exploits1References3

NVD•added 2026/04/09 6:16 p.m.•0 views

CVE-2025-63238

6.1CVSS0.00044EPSS

Exploits1References2

NVD•added 2026/04/09 6:16 p.m.•0 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.1CVSS0.00077EPSS

Exploits1References2

Snyk•added 2026/04/09 6:10 p.m.•1 views

Cross-site Scripting (XSS)

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Boxtitle and boxurl parameters. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input...

8.5CVSS5.8AI score0.00077EPSS

Exploits1References2

Snyk•added 2026/04/09 6:9 p.m.•1 views

Cross-site Scripting (XSS)

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getInstance function when processing the gid parameter. An attacker can execute arbitrary JavaScript in the context of a logged-in user by...

6.1CVSS5.8AI score0.00044EPSS

Exploits1References2

CVE•added 2026/04/09 12:0 a.m.•2 views

CVE-2025-70797

CVE-2025-70797 affects LimeSurvey (v6.15.20+251021). It enables Cross-Site Scripting via Box[title] and box[url] parameters, allowing remote execution of scripts in the context of users’ browsers. The common remediation across sources is to upgrade LimeSurvey to version 6.15.21 or newer. If upgra...

6.1CVSS6.3AI score0.00077EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/04/09 12:0 a.m.•14 views

CVE-2025-63238

0.00044EPSS

Exploits1References2

Positive Technologies•added 2026/04/09 12:0 a.m.•1 views

PT-2026-31653

5.9AI score0.00044EPSS

Exploits1References3

CVE•added 2026/04/09 12:0 a.m.•4 views

CVE-2025-63238

CVE-2025-63238 is a reported Reflected Cross‑Site Scripting (XSS) in LimeSurvey prior to 6.15.11+250909. The vulnerability stems from missing validation of the gid parameter in getInstance() within application/models/QuestionCreate.php, allowing an attacker to craft a malicious URL that could com...

6.1CVSS5.9AI score0.00044EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/04/09 12:0 a.m.•0 views

PT-2026-31654

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.1CVSS6.3AI score0.00077EPSS

Exploits1References3

ATTACKERKB•added 2026/04/09 12:0 a.m.•0 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

6.3AI score0.00077EPSS

Exploits1References3

CNNVD•added 2026/04/09 12:0 a.m.•3 views

LimeSurvey 安全漏洞

LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Version 6.15.20+251021 of Limesurvey contains a security vulnerability, which ste...

6.1CVSS5.6AI score0.00077EPSS

Exploits1References3

Cvelist•added 2026/04/09 12:0 a.m.•15 views

CVE-2025-70797

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Boxtitle and boxurl parameters...

0.00077EPSS

Exploits1References2

RedhatCVE•added 2026/03/11 7:8 a.m.•0 views

CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...

9.8CVSS6.2AI score0.00199EPSS

Exploits0References1

Snyk•added 2026/03/10 8:43 p.m.•1 views

Deserialization of Untrusted Data

Overview limesurvey/limesurvey is a FOSS online survey tool on the web. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the decodeTokenAttributes helper. An attacker can achieve remote code execution by supplying a malicious serialized token attribute...

9.8CVSS6.4AI score0.00199EPSS

Exploits0References2

EUVD•added 2026/03/10 6:31 p.m.•0 views

EUVD-2025-208505

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...

9.8CVSS6.2AI score0.00199EPSS

Exploits0References3

EUVD•added 2026/03/10 6:31 p.m.•2 views

EUVD-2025-208503

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

7.5CVSS5.9AI score0.00018EPSS

Exploits0References3