WS-2023-0290 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0290

WS-2023-0290

Published:May 15, 2026

Updated:May 15, 2026

Stored XSS via user's Full Name in GitHub repository limesurvey/limesurvey prior to 6.2.0+230732.

Affected Packages

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/questions/upload/loader-utils-2.0.3 <2.2.5

Fix Suggestion:

Update to version 2.2.5

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd <dev-survey-defaultsettings

Fix Suggestion:

Update to version dev-survey-defaultsettings

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3 <dev-dependabot/npm_and_yarn/assets/packages/lstutorial/loader-utils-2.0.3

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/lstutorial/loader-utils-2.0.3

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-kill-travis <dev-master-innodb

Fix Suggestion:

Update to version dev-master-innodb

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82 <dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

Fix Suggestion:

Update to version dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4 <dev-survey-booleans3

Fix Suggestion:

Update to version dev-survey-booleans3

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-db5589e32a61db42524a88ad04a6eaba <6.2.0+230732

Fix Suggestion:

Update to version 6.2.0+230732

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-76cf46bd82f4347fa5bd130cdd788057 <=dev-snyk-upgrade-b8f4dac44087b061e2e7d08aa4d95731

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a <dev-tests-clieck-views1

Fix Suggestion:

Update to version dev-tests-clieck-views1

limesurvey/limesurvey (PHP):

Affected version(s) >=4.2.0+200422 <5.3.7+220328

Fix Suggestion:

Update to version 5.3.7+220328

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-fix-qngroup-phpdoc <dev-fix-spss-token-length

Fix Suggestion:

Update to version dev-fix-spss-token-length

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/adminbasics/terser-5.14.2 <dev-dependabot/npm_and_yarn/assets/packages/lstutorial/terser-5.14.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/lstutorial/terser-5.14.2

kevinchappell/form-builder (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/terser-4.8.1 <dev-dependabot/npm_and_yarn/lodash-4.17.21

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/lodash-4.17.21

limesurvey/limesurvey (PHP):

Affected version(s) =dev-inject-questionattributes <dev-install-command-rpc

Fix Suggestion:

Update to version dev-install-command-rpc

limesurvey/limesurvey (PHP):

Affected version(s) >=5.3.8+220404 <5.3.26+220720

Fix Suggestion:

Update to version 5.3.26+220720

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76 <dev-redo-13161

Fix Suggestion:

Update to version dev-redo-13161

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-bug/18856-buildXMLFromQuery-limit <dev-bug/19550-fix-get-class-wihout-arguments

Fix Suggestion:

Update to version dev-bug/19550-fix-get-class-wihout-arguments

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/questions/upload/terser-5.14.2 <dev-findfix6

Fix Suggestion:

Update to version dev-findfix6

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7 <dev-inspect34

Fix Suggestion:

Update to version dev-inspect34

limesurvey/limesurvey (PHP):

Affected version(s) >=5.3.27+220725 <5.6.32+230731

Fix Suggestion:

Update to version 5.6.32+230731

limesurvey/limesurvey (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/assets/packages/questions/timer/loader-utils-1.4.2 <dev-detached2

Fix Suggestion:

Update to version dev-detached2

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-on-update-values-v4 <4.0.1+200120

Fix Suggestion:

Update to version 4.0.1+200120

limesurvey/limesurvey (PHP):

Affected version(s) =dev-add-app-params-to-twig <dev-add-before-get-template-event

Fix Suggestion:

Update to version dev-add-before-get-template-event

Related Resources (1)

https://huntr.dev/bounties/22fb76b7-ac9f-4d70-b244-5af7b3c8c246/

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE