limesurvey
Web & CMS Plugins, oss-project
Latest CVEs
The 15 most recently published vulnerabilities affecting limesurvey.
- CVE-2026-50636: LimeSurvey RemoteControl invite_participants/remind_participants SQL Injection (score 8.8)
- CVE-2026-50635: LimeSurvey Password Reset Host Header Injection Discloses Reset Token (score 8.8)
- CVE-2025-70797: Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters. (score 6.1)
- CVE-2025-63238: A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCr... (score 6.1)
- CVE-2025-56422: A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server. (score 9.8)
- CVE-2025-56421: SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. (score 7.5)
- CVE-2020-36993: LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting (score 5.4)
- CVE-2025-41076: Multiple vulnerabilities in Limesurvey (score 6.5)
- CVE-2025-41075: Multiple vulnerabilities in Limesurvey (score 7.5)
- CVE-2025-41074: Multiple vulnerabilities in Limesurvey (score 7.5)
- CVE-2025-41376: CRLF Injection in Limesurvey (score 5.3)
- CVE-2025-41375: SQL Injection in Limesurvey (score 9.8)
- CVE-2024-28710: Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's mess... (score 6.1)
- CVE-2024-28709: Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. (score 6.1)
- CVE-2024-42903: A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users a crafted password reset link that will direct victims to... (score 6.5)