Known Vulnerabilities for LimeSurvey by Na
Listed below are 4 of the newest known vulnerabilities associated with "LimeSurvey" by "Na".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-50636 json | The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDyn... | Not Provided | 2026-06-09 | 2026-06-09 |
| CVE-2026-50635 json | LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optio... | Not Provided | 2026-06-09 | 2026-06-09 |
| CVE-2025-70797 json | Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the ... | Not Provided | 2026-04-09 | 2026-04-09 |
| CVE-2025-63238 json | A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of ... | Not Provided | 2026-04-09 | 2026-04-10 |