LimeSurvey Security Advisory 2008/06/22
Sunday, 22 June 2008

For the last couple of months the LimeSurvey project has carried out a series of self-imposed security audits of the LimeSurvey code base. (Thank you to the Ubuntu Server team for pointing out the first issues and giving us a head start.)
During this process several security issues have been fixed in the source code, including:

  • Issues where variable manipulation was possible when register_globals is enabled in PHP
  • Session data injection and manipulation
  • Persistent and non-persistent XSS issues, where an attacker could try to gain access by injecting their own JavaScript code into the application
  • Session-related issues where an attacker could take over a session and/or gain higher access privileges
Most of these issues were already fixed in 1.71 stable. (Affected versions: 1.70+ (all builds) and older)

On top of that we fixed two moderate issues in the current 1.71 release:

  • Two XSS attacks that rely on security flaws in the IE6 browser
  • A session fixation attack
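The advisory names the issue classes but shows no code. The script below is an added illustration and is not LimeSurvey code: it reproduces two of the classes in generic form, register_globals-style variable manipulation (a flag only assigned on the success path being pre-seeded from the request) and session fixation (a pre-chosen session id surviving login). check_login(), $allowed_to_admin, the sample credentials and the planted session id are placeholders constructed for this example; extract() is used to emulate register_globals so the flaw can be run on a current PHP where that setting no longer exists.

```php
<?php
// Added example, not LimeSurvey code. check_login(), $allowed_to_admin, the
// sample credentials and the planted session id are constructed placeholders.
declare(strict_types=1);

// Constructed stand-in for a real credential check.
function check_login(string $user, string $pass): bool
{
    return $user === 'admin' && hash_equals('correct-horse', $pass);
}

// 1. register_globals-style variable manipulation.
// With register_globals=On (PHP < 5.4) every request parameter is imported into
// the variable scope before any application code runs. extract($request)
// reproduces that effect here for demonstration only.
function vulnerable_is_admin(array $request): bool
{
    extract($request);                     // emulates register_globals
    if (check_login($user ?? '', $pass ?? '')) {
        $allowed_to_admin = true;          // only assigned on the success path
    }
    // On the failure path the flag was never initialised by the application, so a
    // request carrying allowed_to_admin=1 decides the outcome.
    return !empty($allowed_to_admin);
}

function hardened_is_admin(array $request): bool
{
    $allowed_to_admin = false;             // initialise unconditionally
    $user = (string) ($request['user'] ?? '');   // read input explicitly
    $pass = (string) ($request['pass'] ?? '');
    if (check_login($user, $pass)) {
        $allowed_to_admin = true;
    }
    return $allowed_to_admin;
}

// 2. Session fixation.
// The attacker plants a session id of their choosing (for example in a link) and
// waits for the victim to log in with it. The defences are to accept ids only
// from the cookie, refuse ids the server never issued, and issue a fresh id at
// every privilege change.
function configure_session(): void
{
    ini_set('session.use_only_cookies', '1'); // ignore ?PHPSESSID=... in the URL
    ini_set('session.use_strict_mode', '1');  // reject ids the server did not create
    ini_set('session.cookie_httponly', '1');  // keep the cookie away from injected JS
}

function login_and_rotate(array $request): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $user = (string) ($request['user'] ?? '');
    $pass = (string) ($request['pass'] ?? '');
    if (!check_login($user, $pass)) {
        return false;
    }
    session_regenerate_id(true);           // new id, old one deleted
    $_SESSION['user'] = $user;
    return true;
}

if (PHP_SAPI === 'cli') {
    // Constructed request: wrong password, but a planted privilege flag.
    $forged = ['user' => 'nobody', 'pass' => 'wrong', 'allowed_to_admin' => '1'];
    var_dump(vulnerable_is_admin($forged));   // bool(true): privilege gained
    var_dump(hardened_is_admin($forged));     // bool(false)

    configure_session();
    $planted = 'attackerchosen1234';          // id an attacker handed the victim
    session_id($planted);
    session_start();
    $before = session_id();
    login_and_rotate(['user' => 'admin', 'pass' => 'correct-horse']);
    var_dump(session_id() !== $planted);      // bool(true): planted id is useless
    var_dump(session_id() !== $before);       // bool(true): login rotated the id
    session_write_close();
}
```

Run it with php on the command line; session files are written to the default session.save_path. The same shape of defect as in part 1 appears whenever a privilege variable is only assigned on one branch, which is why initialising every such variable before use was the standard remediation alongside turning register_globals off.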

Thank you to security advisor Michal Tresner for reporting.

Exploits in the wild: No known exploits yet. We strongly recommend updating while that remains the case.

Solution:
Update to LimeSurvey 1.71+ Build 5147 or a later version, available from http://www.limesurvey.org

This security advisory refers to CVE-2008-2659 - LimeSurvey XSS candidate

Last Updated (Sunday, 06 July 2008)