Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Online Survey

LimeSurvey

LimeSurvey (formerly PHPSurveyor) is an open source online survey application written in PHP based on a MySQL PostgreSQL or MSSQL database. It enables users without coding knowledge to develop publish and collect responses to surveys. Surveys can include branching custom preferred layout and design (using a web template system) and can provide basic statistical analysis of survey results.

Official Site:

https://www.limesurvey.org/

Severity Summary:

Critical: 7 High: 13 Medium: 36 Low: 3
Reference
Title
Severity
CVE-2022-48010
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-44796
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-42903
LimeSurvey Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Medium
CVE-2024-28709
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5078
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2018-20322
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2018-16397
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability
Medium
CVE-2018-17003
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-25799
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-25797
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-25798
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-16192
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-11456
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-11455
LimeSurvey Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2019-17660
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-16182
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-16180
LimeSurvey Vulnerability
Medium
CVE-2019-16179
LimeSurvey Improper Certificate Validation Vulnerability
Medium
CVE-2019-16178
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-16176
LimeSurvey Vulnerability
Medium
CVE-2019-16175
LimeSurvey Improper Restriction of Rendered UI Layers or Frames Vulnerability
Medium
CVE-2019-16173
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-16172
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-18358
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-23710
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-28710
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-16181
LimeSurvey Vulnerability
Low
CVE-2019-16183
LimeSurvey Incorrect Default Permissions Vulnerability
Low
CVE-2011-5256
LimeSurvey Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Low