Medium severity6.1NVD Advisory· Published Apr 9, 2026· Updated Apr 16, 2026
CVE-2025-70797
CVE-2025-70797
Description
Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters.
Affected products
1- cpe:2.3:a:limesurvey:limesurvey:6.15.20:251021:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- gist.github.com/masquerad3r/772ddbfbd9fd95754f4873bcb202146dnvdExploitThird Party Advisory
- github.com/LimeSurvey/LimeSurvey/pull/4356nvdIssue Tracking
News mentions
0No linked articles in our index yet.