pkg:Bitnami/limesurvey

23 total CVEs: CRITICAL 2, HIGH 3, MEDIUM 15

All known vulnerabilities

  • CRITICAL 9.8 CVE-2020-11455: LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
    from 0, < 4.1.12, >= 4.1.12-200324, < 4.1.12, >= 4.1.12, < 4.1.13
  • CRITICAL 9.8 CVE-2022-48008: An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted…
    >= 5.4.15, < 5.4.16
  • HIGH 8.8 CVE-2024-42902: An issue in the js_localize.php function of LimeSurvey v6.6.2 and before allows attackers to execute arbitrary code via injecting a crafted…
    from 0, < 6.15.5
  • HIGH 8.8 CVE-2021-44967: A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote…
    >= 5.2.4, < 5.2.5
  • HIGH 7.2 CVE-2022-43279: LimeSurvey before v5.0.4 was discovered to contain a SQL injection vulnerability via the component /application/views/themeOptions/update.p…
    >= 5.4.4, < 5.4.5
  • MEDIUM 6.5 CVE-2024-42903: A Host header injection vulnerability in the password reset function of LimeSurvey v.6.6.1+240806 and before allows attackers to send users…
    from 0, < 6.15.5
  • MEDIUM 6.1 CVE-2024-28709: LimeSurvey Cross Site Scripting vulnerability
    from 0, < 6.5.12
  • MEDIUM 6.1 CVE-2024-28710: LimeSurvey Cross Site Scripting vulnerability
    from 0, < 6.5.0
  • MEDIUM 6.1 CVE-2020-16192: LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters.
    >= 4.3.2, < 4.3.3
  • MEDIUM 6.1 CVE-2020-22607: Cross Site Scripting vulnerability in LimeSurvey 4.1.11+200316 via the (1) name and (2) description parameters in application/controllers/ad…
    >= 4.1.11, < 4.1.12
  • MEDIUM 6.1 CVE-2022-29710: A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web sc…
    from 0, < 5.3.10
  • MEDIUM 6.1 CVE-2021-42112: Cross-site Scripting in Limesurvey
    >= 3.0.0, < 3.27.19
  • MEDIUM 5.4 CVE-2020-11456: LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGr…
    from 0, < 4.1.12, >= 4.1.12-200324, < 4.1.12, >= 4.1.12, < 4.1.13
  • MEDIUM 5.4 CVE-2020-23710: Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbox via the Notifications & data feature.
    >= 4.2.5, < 4.2.6
  • MEDIUM 5.4 CVE-2020-25797: LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First and last name parameters).
    >= 3.21.1, < 3.21.2
  • MEDIUM 5.4 CVE-2020-25798: A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permiss…
    from 0, < 3.21.2
  • MEDIUM 5.4 CVE-2020-25799: LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page.
    >= 3.21.1, < 3.21.2
  • MEDIUM 5.4 CVE-2022-48010: LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministra…
    >= 5.4.15, < 5.4.16
  • MEDIUM 5.4 CVE-2023-44796: Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a cr…
    from 0, < 6.2.9
  • MEDIUM 4.8 CVE-2024-42901: A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file.
    from 0, < 6.15.5
  • CVE-2025-41076: Multiple vulnerabilities in Limesurvey
    >= 6.13.0, < 6.15.5
  • CVE-2025-41075: Multiple vulnerabilities in Limesurvey
    >= 6.13.0, < 6.15.5
  • CVE-2025-41074: Multiple vulnerabilities in Limesurvey
    >= 6.13.0, < 6.15.5