Vulnerability DatabaseWS-2023-0244
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0244
Published:May 15, 2026
Updated:May 15, 2026
Stored XSS on Survey "Notification and data function" in limesurvey/limesurvey
Affected Packages
limesurvey/limesurvey (PHP):
Affected version(s) >=3.27.29+211214 <3.27.33+220125
Fix Suggestion:
Update to version 3.27.33+220125
limesurvey/limesurvey (PHP):
Affected version(s) >=3.28.15+220616 <3.28.18+220706
Fix Suggestion:
Update to version 3.28.18+220706
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-anonymize-tokens <dev-basic
Fix Suggestion:
Update to version dev-basic
limesurvey/limesurvey (PHP):
Affected version(s) =2.2.5 <2.65.2+170606
Fix Suggestion:
Update to version 2.65.2+170606
limesurvey/limesurvey (PHP):
Affected version(s) =dev-inspect-31 <dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7
Fix Suggestion:
Update to version dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7
limesurvey/limesurvey (PHP):
Affected version(s) =dev-global-settings <dev-inject-questionattributes
Fix Suggestion:
Update to version dev-inject-questionattributes
limesurvey/limesurvey (PHP):
Affected version(s) =3.27.34+220132 <3.27.35+220208
Fix Suggestion:
Update to version 3.27.35+220208
limesurvey/limesurvey (PHP):
Affected version(s) >=3.28.1+220229 <3.28.14+220608
Fix Suggestion:
Update to version 3.28.14+220608
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-v3-add-import-converter <3.23.5+200923
Fix Suggestion:
Update to version 3.23.5+200923
limesurvey/limesurvey (PHP):
Affected version(s) =dev-inspect34 <dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76
Fix Suggestion:
Update to version dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76
limesurvey/limesurvey (PHP):
Affected version(s) =4.0.0-beta <4.0.0+200116
Fix Suggestion:
Update to version 4.0.0+200116
limesurvey/limesurvey (PHP):
Affected version(s) =dev-scrutinizer-patch-3 <dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4
Fix Suggestion:
Update to version dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4
limesurvey/limesurvey (PHP):
Affected version(s) =dev-copy-question <dev-detached
Fix Suggestion:
Update to version dev-detached
limesurvey/limesurvey (PHP):
Affected version(s) >=3.28.20+220719 <dev-fixv3-16987
Fix Suggestion:
Update to version dev-fixv3-16987
limesurvey/limesurvey (PHP):
Affected version(s) =dev-booleans1 <dev-querybuilder1
Fix Suggestion:
Update to version dev-querybuilder1
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-install-command-rpc <dev-kill-travis
Fix Suggestion:
Update to version dev-kill-travis
limesurvey/limesurvey (PHP):
Affected version(s) =dev-fix-gitignore <dev-fix-model-relations
Fix Suggestion:
Update to version dev-fix-model-relations
limesurvey/limesurvey (PHP):
Affected version(s) =dev-revert-14-scrutinizer-patch-1 <dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab
Fix Suggestion:
Update to version dev-snyk-upgrade-09b43073972851b96ebd7683ed5b21ab
limesurvey/limesurvey (PHP):
Affected version(s) >=3.23.6+200929 <3.27.28+211208
Fix Suggestion:
Update to version 3.27.28+211208
limesurvey/limesurvey (PHP):
Affected version(s) =dev-fix-theme-help <dev-fix-typo
Fix Suggestion:
Update to version dev-fix-typo
limesurvey/limesurvey (PHP):
Affected version(s) =dev-tests-clieck-views1 <dev-dependabot/npm_and_yarn/assets/packages/questions/timer/loader-utils-1.4.2
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/assets/packages/questions/timer/loader-utils-1.4.2
limesurvey/limesurvey (PHP):
Affected version(s) =dev-tests-lchtest <dev-travis-apt
Fix Suggestion:
Update to version dev-travis-apt
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-relevance-import2 <dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82
Fix Suggestion:
Update to version dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82
limesurvey/limesurvey (PHP):
Affected version(s) =dev-scrutinizer-patch-1 <dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a
Fix Suggestion:
Update to version dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a
limesurvey/limesurvey (PHP):
Affected version(s) =dev-develop-innodb <dev-display-import-errors-master
Fix Suggestion:
Update to version dev-display-import-errors-master
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-master-innodb <dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd
Fix Suggestion:
Update to version dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd
limesurvey/limesurvey (PHP):
Affected version(s) =dev-develop <dev-develop-develop
Fix Suggestion:
Update to version dev-develop-develop
limesurvey/limesurvey (PHP):
Affected version(s) >=dev-travis-postgre <dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3
Fix Suggestion:
Update to version dev-snyk-upgrade-1eb5139e4072b633334be7fdb770a7d3
limesurvey/limesurvey (PHP):
Affected version(s) =dev-survey-activator2 <dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3
limesurvey/limesurvey (PHP):
Affected version(s) >=3.0.0-RC.1 <3.0.0-RC.3+171114
Fix Suggestion:
Update to version 3.0.0-RC.3+171114
limesurvey/limesurvey (PHP):
Affected version(s) =dev-fieldmap <dev-fix-composer-license-format
Fix Suggestion:
Update to version dev-fix-composer-license-format
Related Resources (1)
https://github.com/limesurvey/limesurvey/commit/e126e33ec8a34e5381733ca0d050354e51d90dd4
Do you need more information?
Contact Us
CVSS v4
Base Score:
7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
LOW
Integrity
HIGH
Availability
NONE