Limesurvey/limesurvey
This hub aggregates every CVE we track for Limesurvey/limesurvey, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 6
- Critical: 0
- High: 1
- In CISA KEV: 0
Severity distribution
MEDIUM: 5, HIGH: 1
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 6 most recently published vulnerabilities affecting Limesurvey/limesurvey.
- CVE-2025-56421 (7.5): SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database.
- CVE-2024-28710 (6.1): Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's mess...
- CVE-2024-28709 (6.1): Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields.
- CVE-2021-42112 (6.1): The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
- CVE-2019-16172 (5.4): LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. The attack uses a survey group in which the title contains JavaScri...
- CVE-2019-16173 (5.4): LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
Product normalization is registry-driven with AI assist and human review.