Limesurvey
Monthly
Account takeover in LimeSurvey is possible through host header injection in the forgotten-password workflow, where reset links are built from the client-supplied HTTP Host header without validation. Remote unauthenticated attackers who know a target's username and email can submit a password-reset request with a spoofed Host header, causing LimeSurvey to email the victim a reset link pointing to an attacker-controlled host while still embedding the valid reset token. Reported by VulnCheck; publicly available exploit code exists via the vendor PR diff, though no public exploit had been identified in CISA KEV at the time of analysis.
LimeSurvey before v6.15.0 has an insecure deserialization enabling remote code execution through crafted survey data.
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. [CVSS 7.5 HIGH]
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. [CVSS 5.4 MEDIUM]
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optin that causes infinite HTTP redirects when accessed directly. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Vulnerability in LimeSurvey 6.13.0 in the endpoint /optout that causes infinite HTTP redirects when accessed directly. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
CRLF Injection vulnerability in Limesurvey v2.65.1+170522. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQL Injection vulnerability in Limesurvey v2.65.1+170522. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.