Vulnerability DatabaseWS-2023-0073
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0073
Published:May 15, 2026
Updated:May 15, 2026
A Stored Cross-Site Scripting (XSS) vulnerability was found in limesurvey/limesurvey prior to 5.6.6. An attacker can execute any javascript code in victim account.
Affected Packages
limesurvey/limesurvey (PHP):
Affected version(s) >=5.0.1+210532 <5.3.7+220328
Fix Suggestion:
Update to version 5.3.7+220328
limesurvey/limesurvey (PHP):
Affected version(s) >=4.4.0-RC1+201223 <dev-snyk-upgrade-2721d74513ebeb6a032896d25085b820
Fix Suggestion:
Update to version dev-snyk-upgrade-2721d74513ebeb6a032896d25085b820
limesurvey/limesurvey (PHP):
Affected version(s) =dev-add-app-params-to-twig <dev-add-before-get-template-event
Fix Suggestion:
Update to version dev-add-before-get-template-event
limesurvey/limesurvey (PHP):
Affected version(s) =dev-inject-questionattributes <dev-install-command-rpc
Fix Suggestion:
Update to version dev-install-command-rpc
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/adminbasics/terser-5.14.2 <dev-dependabot/npm_and_yarn/assets/packages/lstutorial/terser-5.14.2
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/assets/packages/lstutorial/terser-5.14.2
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/questions/upload/loader-utils-2.0.3 <2.2.5
Fix Suggestion:
Update to version 2.2.5
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-kill-travis <dev-master-innodb
Fix Suggestion:
Update to version dev-master-innodb
limesurvey/limesurvey (PHP):
Affected version(s) >=5.3.27+220725 <5.6.6+230220
Fix Suggestion:
Update to version 5.6.6+230220
limesurvey/limesurvey (PHP):
Affected version(s) =dev-fix-qngroup-phpdoc <dev-fix-relations-20230411
Fix Suggestion:
Update to version dev-fix-relations-20230411
limesurvey/limesurvey (PHP):
Affected version(s) >=5.3.8+220404 <5.3.26+220720
Fix Suggestion:
Update to version 5.3.26+220720
limesurvey/limesurvey (PHP):
Affected version(s) =dev-on-update-values-v4 <dev-snyk-upgrade-a21e4d557f0b34aa787a93be9924af13
Fix Suggestion:
Update to version dev-snyk-upgrade-a21e4d557f0b34aa787a93be9924af13
limesurvey/limesurvey (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/assets/packages/questions/upload/terser-5.14.2 <6.0.0+230405
Fix Suggestion:
Update to version 6.0.0+230405
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3 <dev-dependabot/npm_and_yarn/assets/packages/lstutorial/loader-utils-2.0.3
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/assets/packages/lstutorial/loader-utils-2.0.3
limesurvey/limesurvey (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/assets/packages/questions/timer/loader-utils-1.4.2 <dev-detached2
Fix Suggestion:
Update to version dev-detached2
Related Resources (1)
https://github.com/limesurvey/limesurvey/commit/7b2bcaaf2b8acd5562a50ac0cdf69705fa6cc113
Do you need more information?
Contact Us
CVSS v4
Base Score:
4.8
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW