limesurvey/limesurvey vulnerabilities

License

(GPL-2.0 OR GPL-3.0 OR LGPL-2.1 OR LGPL-3.0 OR MIT)>=2.2.5, <3.29.2;

>=1.0.4, <2.2.5;

>=3.29.2, <4.0.0-beta;

Known vulnerabilities in the limesurvey/limesurvey package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data	<6.15.0
H SQL Injection	<6.15.4
M Infinite loop	>=2.2.5, <6.14.1
M Infinite loop	>=2.2.5, <6.14.2
M Information Exposure	>=2.2.5, <6.15.0
M Cross-site Scripting (XSS)	>=2.2.5, <6.5.0
M CSV Injection	>=2.2.5, <5.6.68
H Open Redirect	>=2.2.5, <6.6.1
H Local File Inclusion	>=0.0.0
M Improper Resource Shutdown or Release	>=0.0.0
M SQL Injection	>=0.0.0
M Cross-Site Request Forgery (CSRF)	>=2.2.5, <6.5.14
M Cross-site Scripting (XSS)	>=0.0.0
M Cross-site Scripting (XSS)	>=2.2.5, <3.17.14
M Cross-site Scripting (XSS)	<1.0.4>=2.6.2, <3.17.14
M Cross-site Scripting (XSS)	>=0.0.0
C Arbitrary Code Execution	>=0.0.0
M SQL Injection	>=0.0.0
M Cross-site Scripting (XSS)	>=2.2.5, <5.3.11
H Arbitrary File Upload	>=0.0.0
M Cross-site Scripting (XSS)	>=3.0.0+171222, <3.27.19+210928
C SQL Injection	>=2.2.5, <3.19.0
H Cross-site Scripting (XSS)	>=2.2.5, <3.21.3
H Cross-site Scripting (XSS)	>=2.2.5, <3.21.3
M Cross-site Scripting (XSS)	>=3.21.1, <3.21.3
M Directory Traversal	>=3.16.1, <3.17.0