WS-2023-0358 | Mend Vulnerability Database

Vulnerability DatabaseWS-2023-0358

WS-2023-0358

Published:May 15, 2026

Updated:May 15, 2026

Reflected XSS in LimeSurvey via userid parameter in limesurvey before 6.2.7+230918.

Affected Packages

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-kill-travis <dev-master-innodb

Fix Suggestion:

Update to version dev-master-innodb

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/questions/upload/terser-5.14.2 <dev-findfix6

Fix Suggestion:

Update to version dev-findfix6

limesurvey/limesurvey (PHP):

Affected version(s) =dev-add-app-params-to-twig <dev-add-before-get-template-event

Fix Suggestion:

Update to version dev-add-before-get-template-event

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/adminbasics/terser-5.14.2 <dev-dependabot/npm_and_yarn/assets/packages/lstutorial/terser-5.14.2

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/lstutorial/terser-5.14.2

limesurvey/limesurvey (PHP):

Affected version(s) >=4.2.0+200422 <5.3.7+220328

Fix Suggestion:

Update to version 5.3.7+220328

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-bug/18856-buildXMLFromQuery-limit <dev-bug/19550-fix-get-class-wihout-arguments

Fix Suggestion:

Update to version dev-bug/19550-fix-get-class-wihout-arguments

limesurvey/limesurvey (PHP):

Affected version(s) >=5.3.27+220725 <5.6.16+230418

Fix Suggestion:

Update to version 5.6.16+230418

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-a9c10ba47e88a08c83b32a913752ea82 <dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

Fix Suggestion:

Update to version dev-snyk-upgrade-8e8193a6a781d5929de6292963cd2a21

limesurvey/limesurvey (PHP):

Affected version(s) >=5.3.8+220404 <5.3.26+220720

Fix Suggestion:

Update to version 5.3.26+220720

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-f2061a8270a5579306cb12524f53a6d4 <dev-survey-booleans3

Fix Suggestion:

Update to version dev-survey-booleans3

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-3ddd041b50fb018d81e7711467a35e76 <dev-redo-13161

Fix Suggestion:

Update to version dev-redo-13161

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-568d6fdaf6b84a31b10bdc2cfcabbdfd <dev-survey-defaultsettings

Fix Suggestion:

Update to version dev-survey-defaultsettings

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-fix-76cf46bd82f4347fa5bd130cdd788057 <=dev-snyk-upgrade-b8f4dac44087b061e2e7d08aa4d95731

Fix Suggestion:

Update to version no_fix

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/questions/upload/loader-utils-2.0.3 <2.2.5

Fix Suggestion:

Update to version 2.2.5

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-db5589e32a61db42524a88ad04a6eaba <6.2.7+230918

Fix Suggestion:

Update to version 6.2.7+230918

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-on-update-values-v4 <4.0.1+200120

Fix Suggestion:

Update to version 4.0.1+200120

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-snyk-upgrade-bc996b6b018fc6ea7d4263390981c31a <dev-tests-clieck-views1

Fix Suggestion:

Update to version dev-tests-clieck-views1

limesurvey/limesurvey (PHP):

Affected version(s) =dev-dependabot/npm_and_yarn/assets/packages/questions/timer/loader-utils-1.4.2 <dev-detached2

Fix Suggestion:

Update to version dev-detached2

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-fix-qngroup-phpdoc <dev-fix-spss-token-length

Fix Suggestion:

Update to version dev-fix-spss-token-length

limesurvey/limesurvey (PHP):

Affected version(s) >=dev-dependabot/npm_and_yarn/assets/packages/adminbasics/loader-utils-2.0.3 <dev-dependabot/npm_and_yarn/assets/packages/lstutorial/loader-utils-2.0.3

Fix Suggestion:

Update to version dev-dependabot/npm_and_yarn/assets/packages/lstutorial/loader-utils-2.0.3

limesurvey/limesurvey (PHP):

Affected version(s) =dev-inject-questionattributes <dev-install-command-rpc

Fix Suggestion:

Update to version dev-install-command-rpc

limesurvey/limesurvey (PHP):

Affected version(s) =dev-snyk-upgrade-53b356322f333277c170a2cf3a032ba7 <dev-inspect34

Fix Suggestion:

Update to version dev-inspect34

Related Resources (1)

https://github.com/limesurvey/limesurvey/commit/ef00d4890d98a0667c7774113e318270d54a902e

Do you need more information?

CVSS v4

Base Score:

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE