Browse all 6 CVE security advisories affecting LimeSurvey. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
LimeSurvey is an open-source survey tool used for collecting data through customizable forms and questionnaires. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The platform has accumulated six CVEs, with some issues allowing attackers to execute arbitrary code or bypass authentication. While no major public security incidents have been widely documented, the consistent presence of vulnerabilities in areas like file handling and session management suggests potential risks for organizations deploying the software without hardening. Regular updates and proper configuration remain critical for maintaining security.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2020-36993 | LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting — LimeSurvey, CWE-79 | 5.4 | Medium | 2026-01-28 |
| CVE-2025-41076 | Multiple vulnerabilities in Limesurvey — LimeSurvey, CWE-209 | 7.5 | - | 2025-11-20 |
| CVE-2025-41075 | Multiple vulnerabilities in Limesurvey — LimeSurvey, CWE-835 | 6.5 | - | 2025-11-20 |
| CVE-2025-41074 | Multiple vulnerabilities in Limesurvey — LimeSurvey, CWE-835 | 6.5 | - | 2025-11-20 |
| CVE-2025-41376 | CRLF Injection in Limesurvey — LimeSurvey, CWE-93 | 8.8 | - | 2025-08-01 |
| CVE-2025-41375 | SQL Injection in Limesurvey — LimeSurvey, CWE-89 | 8.8 | - | 2025-08-01 |
This page lists every published CVE security advisory associated with LimeSurvey. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.