Medium severity (CVSS 6.1) · NVD Advisory · Published Apr 9, 2026 · Updated Apr 16, 2026
CVE-2025-63238
Description
A reflected cross-site scripting (XSS) vulnerability affects LimeSurvey versions prior to 6.15.11+250909, caused by missing validation of the gid parameter in the getInstance() function in application/models/QuestionCreate.php. An attacker can craft a malicious URL that, when opened by a logged-in user, runs attacker-controlled script in that user's session and compromises the account. As with any reflected XSS, exploitation requires the victim to follow the crafted link.
Affected products
- cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:* (version range: <6.15.12)
- (no CPE) (version range: <6.15.11+250909)
Note that the two ranges disagree on the boundary: the CPE entry marks everything below 6.15.12 as affected, while the description and the second entry name build 6.15.11+250909 as the first fixed version. When checking an installation, compare the full version string including the +build suffix.
Vulnerability mechanics
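The page describes the bug only at the level of "gid is not validated before use". The block below is an added illustration in PHP, written for this page; it is not LimeSurvey's code and does not reproduce the real getInstance() in QuestionCreate.php. It contrasts a hypothetical handler that reflects the raw gid value into markup (the bug class named in the description) with one that validates gid as a positive integer and escapes on output. The class name, the link markup and the sample payload are all constructed for the example.

```php
<?php
// Added illustration, not LimeSurvey's code: a hypothetical getInstance()-style
// helper that receives gid from the query string. The unsafe variant trusts the
// raw string and interpolates it into HTML; the safe variant validates it as a
// positive integer first and escapes on output as defence in depth.
declare(strict_types=1);

final class QuestionCreateDemo
{
    // Vulnerable pattern: gid is trusted and interpolated straight into markup.
    // A value like "><script>...</script> breaks out of the attribute.
    public static function getInstanceUnsafe(string $gid): string
    {
        return '<a href="?gid=' . $gid . '">create question</a>';
    }

    // Hardened pattern: reject anything that is not a positive integer
    // (filter_var returns false for "42abc", "", "-1", "1e3" and so on),
    // then escape the value anyway when it is written into HTML.
    public static function getInstanceSafe(string $gid): string
    {
        $validGid = filter_var($gid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($validGid === false) {
            throw new InvalidArgumentException('gid must be a positive integer');
        }
        $escaped = htmlspecialchars((string) $validGid, ENT_QUOTES | ENT_HTML5, 'UTF-8');
        return '<a href="?gid=' . $escaped . '">create question</a>';
    }
}

// Constructed sample inputs: a benign group id and a reflected-XSS style payload
// of the kind an attacker would place in a crafted URL.
$samples = ['42', '"><script>alert(document.cookie)</script>'];
foreach ($samples as $gid) {
    echo "input:  " . $gid . PHP_EOL;
    echo "unsafe: " . QuestionCreateDemo::getInstanceUnsafe($gid) . PHP_EOL;
    try {
        echo "safe:   " . QuestionCreateDemo::getInstanceSafe($gid) . PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "safe:   rejected (" . $e->getMessage() . ")" . PHP_EOL;
    }
    echo PHP_EOL;
}
```

Run it with `php demo.php` (any file name). The point of the safe variant is that validation and escaping are separate controls: an integer check alone closes the injection for an id parameter, and output escaping protects the code path if someone later widens the accepted type. Input validation of identifiers should happen at the entry point, before the value reaches model or view code, rather than relying on every template that echoes it.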
References
- github.com/LimeSurvey/LimeSurvey/commit/80769a677dc82ddb1fcced4af19bd959d583208d (NVD: Patch)
- gist.github.com/masquerad3r/f913ab479e8de2ad71987ef98a088fb5 (NVD: Exploit, Third Party Advisory)