VYPR
Medium severity6.1NVD Advisory· Published Apr 9, 2026· Updated Apr 16, 2026

CVE-2025-63238

CVE-2025-63238

Description

A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*range: <6.15.12
    • (no CPE)range: <6.15.11+250909

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.