Vulnerability in N/a

CVE-2025-63238

A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft…

EPSS: 0.000 (13.8th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References