For the last couple of months the LimeSurvey project has carried out a series of self-imposed security audits on the LimeSurvey code base. (Thank you to the Ubuntu Server team for pointing out the first issues and giving us a head start.)
During this process several security issues have been fixed in the source code, including:

  • Issues where variable manipulation was possible when register_globals in PHP is activated
  • Session Data injection & manipulation
  • Permanent & non-permanent XSS issues where an attacker could try to gain access by injecting their own JavaScript code into the application
  • Session-related issues where a possible attacker could take over the session and/or gain higher access privileges

Most of these issues were already fixed for 1.71 stable. (Affected versions: 1.70+ (all builds) and older)

On top of that we fixed two moderate issues for the current 1.71 release, which were:

  • Two XSS attacks that rely on security flaws in the IE6 browser
  • A session fixation attack

Thank you to security advisor Michal Tresner for reporting.

Exploits in the wild: No known exploits yet. We strongly recommend updating while it stays that way!

Update to LimeSurvey 1.71+ Build 5147 or a later version, available from http://www.limesurvey.org

This security advisory refers to CVE-2008-2659 - LimeSurvey XSS candidate
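
Several of the issue classes above depend on PHP runtime settings: the variable manipulation issues apply when register_globals is active, and session fixation is easier when PHP accepts session IDs from URLs. The following Python script is an added example, not part of the original advisory or the LimeSurvey code base; it audits a php.ini file for these settings. The choice of directives and the sample file are assumptions of this example.

```python
import re

# Directives tied to the issue classes named in the advisory, with the value
# treated as safe and the risk otherwise. The selection is this example's assumption.
CHECKS = {
    "register_globals": (False, "request variables can overwrite script globals"),
    "session.use_trans_sid": (False, "session IDs are carried in URLs"),
    "session.use_only_cookies": (True, "session IDs are accepted from the URL"),
    "session.cookie_httponly": (True, "injected script can read the session cookie"),
}

TRUE_WORDS = {"1", "on", "true", "yes"}


def parse_php_ini(text):
    """Return {directive: bool}; a later assignment overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        match = re.match(r"^([\w.]+)\s*=\s*(.*)$", line)
        if match:  # section headers such as [PHP] do not match
            value = match.group(2).strip().strip("\"'").lower()
            settings[match.group(1).lower()] = value in TRUE_WORDS
    return settings


def audit(text):
    """Return sorted (directive, problem) pairs for unsafe or unset directives."""
    settings = parse_php_ini(text)
    findings = []
    for name, (safe, risk) in CHECKS.items():
        if name not in settings:
            findings.append((name, "not set explicitly; the PHP default applies"))
        elif settings[name] != safe:
            findings.append((name, risk))
    return sorted(findings)


# Constructed sample php.ini fragment, not taken from any real server.
SAMPLE_INI = """
[PHP]
register_globals = On      ; legacy setting left enabled
;session.use_only_cookies = 1
[Session]
session.use_trans_sid = 0
session.cookie_httponly = "Off"
"""

if __name__ == "__main__":
    for directive, problem in audit(SAMPLE_INI):
        print(f"{directive}: {problem}")
```

Hardened settings reduce exposure on older installations, but the fixes themselves are in the updated build.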


