CVE-2025-63238 | LimeSurvey up to 6.15.11 URL QuestionCreate.php getInstance gid cross site scripting

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability was found in LimeSurvey up to 6.15.11 and classified as problematic. The affected element is the function getInstance of the file application/models/QuestionCreate.php of the component URL Handler. Executing a manipulation of the argument gid can lead to cross site scripting.

This vulnerability is handled as CVE-2025-63238. The attack can be executed remotely. There is not any exploit available.

A patch should be applied to remediate this issue.

CVE-2025-63238 | LimeSurvey up to 6.15.11 URL QuestionCreate.php getInstance gid cross site scripting

Post correlati

CVE-2024-4816 | Ruijie RG-UAC up to 20240506 gre_add_commit.php name/remote/local/IP os command injection

CVE-2024-21613 | Juniper Junos OS/Junos OS Evolved rpd memory leak (JSA75754)

CVE-2024-13058 | SoftIron HyperCloud 2.3.x/2.4.x Data Pool privileges management

CVE-2024-8899 | Jeg Elementor Kit Plugin up to 2.6.9 on WordPress sg_content_template information disclosure