CVE-2025-34120
- EPSS 69.94%
- Published 16.07.2025 21:15:26
- Last modified 15.04.2026 00:35:42
An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin backup endpoint (`index.php/admin/update/sa/backup`), allow...
CVE-2024-28710
- EPSS 0.63%
- Published 07.10.2024 16:15:05
- Last modified 25.03.2025 17:15:53
Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to inject and execute arbitrary script in a victim's browser, due to a lack of input validation and output encoding in the Alert Widget's message component.
CVE-2024-28709
- EPSS 1.14%
- Published 07.10.2024 16:15:05
- Last modified 25.03.2025 17:15:53
Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary script in a victim's browser via a crafted script placed in the title and comment fields.
CVE-2024-42903
- EPSS 0.31%
- Published 03.09.2024 18:15:08
- Last modified 13.03.2025 21:15:41
A Host header injection vulnerability in the password reset function of LimeSurvey v6.6.1+240806 and before allows attackers to send users a crafted password reset link that directs victims to a malicious domain: the reset URL is built from the attacker-supplied Host header rather than from server-side configuration.
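The following is an added example, not LimeSurvey code, that contrasts the vulnerable pattern behind this CVE (deriving the reset link's origin from `$_SERVER['HTTP_HOST']`) with a link built from a configured base URL plus a Host allow-list. The reset path `/reset?token=`, the host names and the config value are assumptions for illustration.

```php
<?php
// Added example, not LimeSurvey code. Shows why a password-reset link must
// not be built from the client-supplied Host header, and a safer alternative.
// The reset path "/reset?token=" and the host/config values are assumptions.

declare(strict_types=1);

// Vulnerable pattern: the link's origin comes from $_SERVER['HTTP_HOST'],
// which the attacker controls in the request that triggers the reset mail.
function resetLinkFromHostHeader(array $server, string $token): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'] . '/reset?token=' . rawurlencode($token);
}

// Hardened pattern: the origin comes from server-side configuration only.
function resetLinkFromConfig(string $configuredBaseUrl, string $token): string
{
    return rtrim($configuredBaseUrl, '/') . '/reset?token=' . rawurlencode($token);
}

// Defense in depth: reject requests whose Host is not one of the names this
// deployment is actually served under (port stripped, case-insensitive match).
function hostIsAllowed(string $hostHeader, array $allowedHosts): bool
{
    $host = strtolower((string) preg_replace('/:\d+$/', '', $hostHeader));
    return in_array($host, array_map('strtolower', $allowedHosts), true);
}

// Constructed forged request: the attacker sends "Host: attacker.example"
// while requesting a password reset for the victim's e-mail address.
$forgedRequest = ['HTTPS' => 'on', 'HTTP_HOST' => 'attacker.example'];
$token = bin2hex(random_bytes(16));

echo "Link built from Host header: ", resetLinkFromHostHeader($forgedRequest, $token), PHP_EOL;
echo "Link built from config:      ", resetLinkFromConfig('https://survey.example.org', $token), PHP_EOL;
echo "Host header allowed?         ", hostIsAllowed($forgedRequest['HTTP_HOST'], ['survey.example.org']) ? 'yes' : 'no', PHP_EOL;
```

The allow-list check is worth keeping even after the link is built from configuration, because other code paths (redirects, canonical links, absolute URLs in mails) tend to reach for the Host header again. Note that a reverse proxy may rewrite Host; in that case compare against the name the proxy forwards, not the one the proxy itself uses.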
CVE-2024-42902
- EPSS 0.22%
- Published 03.09.2024 18:15:08
- Last modified 03.07.2025 12:59:01
An issue in js_localize.php of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code by injecting a crafted payload into its lng parameter.
CVE-2024-42901
- EPSS 0.16%
- Published 03.09.2024 18:15:08
- Last modified 03.07.2025 13:04:06
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to upload a crafted CSV file whose cell contents are later interpreted as formulas, and thereby executed, by the spreadsheet application that opens the exported data.
CVE-2024-7887
- EPSS 0.03%
- Published 17.08.2024 09:15:12
- Last modified 30.01.2026 20:51:22
A vulnerability was found in LimeSurvey 6.3.0-231016 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php of the component File Upload. The manipulation of the argument size leads to denial of ser...
CVE-2024-6933
- EPSS 0.15%
- Published 21.07.2024 01:15:10
- Last modified 29.04.2026 01:00:01
A flaw has been found in LimeSurvey 6.5.14-240624. Affected by this issue is the function actionUpdateSurveyLocaleSettingsGeneralSettings of the file /index.php?r=admin/database/index/updatesurveylocalesettings_generalsettings of the component Survey...
CVE-2024-39063
- EPSS 0.24%
- Published 09.07.2024 20:15:12
- Last modified 30.01.2026 20:52:36
Lime Survey <= 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YII_CSRF_TOKEN is checked only when passed in the body of a POST request; the same check is not performed for the equivalent GET requests, so a state-changing action can be triggered by a crafted GET request that carries no token.
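The following is an added example, not LimeSurvey or Yii code, that contrasts a CSRF check which only runs for POST (the pattern this CVE describes) with one that refuses to perform state changes over GET at all and accepts the token only from the request body. The action name and request cases are assumptions.

```php
<?php
// Added example, not LimeSurvey or Yii code. Contrasts a CSRF check that
// only runs for POST with one that refuses state changes over safe methods.
// The "delete survey" action and the request cases are constructed.

declare(strict_types=1);

// Flawed: the token is validated only for POST. A GET to the same action,
// e.g. triggered by <img src="...?r=admin/...&delete=42"> on an attacker
// page, passes because the method check returns before the token is examined.
function csrfCheckPostOnly(string $method, array $post, string $sessionToken): bool
{
    if ($method !== 'POST') {
        return true;
    }
    return isset($post['YII_CSRF_TOKEN'])
        && hash_equals($sessionToken, (string) $post['YII_CSRF_TOKEN']);
}

// Hardened: a state-changing action is allowed only over an unsafe method
// AND only with a valid token taken from the request body (never from the
// query string, which would leak into logs and Referer headers).
function csrfCheckStateChange(string $method, array $post, string $sessionToken): bool
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS', 'TRACE'], true)) {
        return false;
    }
    return isset($post['YII_CSRF_TOKEN'])
        && hash_equals($sessionToken, (string) $post['YII_CSRF_TOKEN']);
}

// Constructed requests against a hypothetical "delete survey" action.
$sessionToken = bin2hex(random_bytes(16));
$cases = [
    'forged GET, no token'       => ['GET',  []],
    'forged POST, no token'      => ['POST', []],
    'forged POST, wrong token'   => ['POST', ['YII_CSRF_TOKEN' => 'deadbeef']],
    'legitimate POST with token' => ['POST', ['YII_CSRF_TOKEN' => $sessionToken]],
];

foreach ($cases as $label => [$method, $post]) {
    printf("%-28s post-only: %-5s  state-change: %s\n",
        $label,
        csrfCheckPostOnly($method, $post, $sessionToken) ? 'allow' : 'deny',
        csrfCheckStateChange($method, $post, $sessionToken) ? 'allow' : 'deny');
}
```

In a Yii application the equivalent fix is to restrict mutating actions to POST (a verb filter) in addition to enabling CSRF validation; the token check alone does not help if the action remains reachable over GET. Pair this with `SameSite=Lax` or `Strict` on the session cookie as a second layer.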
CVE-2024-24506
- EPSS 0.37%
- Published 03.04.2024 07:15:42
- Last modified 30.01.2026 21:02:09
Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition v5.3.32+220817 allows remote attackers to execute arbitrary script in a victim's browser via the Administrator email address parameter in the General Settings function.