WS-2023-0243 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0243

WS-2023-0243

Published:May 15, 2026

Updated:May 15, 2026

Stored XSS in End page in limesurvey/limesurvey

Affected Packages

limesurvey/limesurvey (PHP):

Affected version(s) >=3.0.0-RC.1 <3.0.0-beta.1+170720

Fix Suggestion:

Update to version 3.0.0-beta.1+170720

limesurvey/limesurvey (PHP):

Affected version(s) =dev-scrutinizer-patch-3 <dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4

Fix Suggestion:

Update to version dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4

limesurvey/limesurvey (PHP):

Affected version(s) =4.0.0-beta <4.0.0+200116

Fix Suggestion:

Update to version 4.0.0+200116

limesurvey/limesurvey (PHP):

Affected version(s) =dev-inspect34 <dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76

Fix Suggestion:

Update to version dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC10+191202 <4.0.0-RC12+191217

Fix Suggestion:

Update to version 4.0.0-RC12+191217

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fieldmap <dev-fix-composer-license-format

Fix Suggestion:

Update to version dev-fix-composer-license-format

limesurvey/limesurvey (PHP):

Affected version(s) >=3.23.6+200929 <3.25.0+201117

Fix Suggestion:

Update to version 3.25.0+201117

limesurvey/limesurvey (PHP):

Affected version(s) =dev-copy-question <dev-detached

Fix Suggestion:

Update to version dev-detached

limesurvey/limesurvey (PHP):

Affected version(s) =dev-relevance-import2 <dev-scrutinizer-patch-2

Fix Suggestion:

Update to version dev-scrutinizer-patch-2

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-new-scrutinizer <dev-scrutinizer-exclude-paths

Fix Suggestion:

Update to version dev-scrutinizer-exclude-paths

limesurvey/limesurvey (PHP):

Affected version(s) =dev-survey-activator2 <dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3

limesurvey/limesurvey (PHP):

Affected version(s) =dev-sid-spaces <dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd

Fix Suggestion:

Update to version dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-tests-lchtest <dev-travis-postgre

Fix Suggestion:

Update to version dev-travis-postgre

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-theme-help <dev-fix-typo

Fix Suggestion:

Update to version dev-fix-typo

limesurvey/limesurvey (PHP):

Affected version(s) =dev-fix-gitignore <dev-fix-model-relations

Fix Suggestion:

Update to version dev-fix-model-relations

limesurvey/limesurvey (PHP):

Affected version(s) =dev-global-settings <dev-inject-questionattributes

Fix Suggestion:

Update to version dev-inject-questionattributes

limesurvey/limesurvey (PHP):

Affected version(s) =dev-3.x-LTS-lite <dev-clicks-test3

Fix Suggestion:

Update to version dev-clicks-test3

limesurvey/limesurvey (PHP):

Affected version(s) =dev-revert-14-scrutinizer-patch-1 <dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab

Fix Suggestion:

Update to version dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab

limesurvey/limesurvey (PHP):

Affected version(s) =dev-scrutinizer-patch-1 <dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a

Fix Suggestion:

Update to version dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a

limesurvey/limesurvey (PHP):

Affected version(s) =dev-booleans1 <dev-querybuilder1

Fix Suggestion:

Update to version dev-querybuilder1

limesurvey/limesurvey (PHP):

Affected version(s) >=3.0.2+180110 <3.23.5+200923

Fix Suggestion:

Update to version 3.23.5+200923

limesurvey/limesurvey (PHP):

Affected version(s) =dev-viewanswers <dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3

Fix Suggestion:

Update to version dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-anonymize-tokens <dev-basic

Fix Suggestion:

Update to version dev-basic

limesurvey/limesurvey (PHP):

Affected version(s) >=4.0.0-RC2+190723 <4.0.0-alpha+181212

Fix Suggestion:

Update to version 4.0.0-alpha+181212

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-install-command-rpc <dev-kill-travis

Fix Suggestion:

Update to version dev-kill-travis

limesurvey/limesurvey (PHP):

Affected version(s) =dev-develop-innodb <dev-display-import-errors-master

Fix Suggestion:

Update to version dev-display-import-errors-master

limesurvey/limesurvey (PHP):

Affected version(s) =dev-develop <dev-develop-develop

Fix Suggestion:

Update to version dev-develop-develop

Related Resources (1)

https://github.com/limesurvey/limesurvey/commit/eaad89d9b2b0fbf4dde5edb44fe7eccbcefd0834

Do you need more information?

CVSS v4

Base Score:

2.4

Attack Vector

LOCAL

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

LOW

Subsequent System Integrity

LOW

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE