Security Advisory

CVE-2025-63238

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 00:00:00

Last updated 2026-04-10 18:01:35

Assigner mitre

State PUBLISHED

Description

A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user.

← Browse all CVEs View on cve.org ↗