CVE-2025-63238
CVE-2025-63238 is a reported Reflected Cross‑Site Scripting (XSS) in LimeSurvey prior to 6.15.11+250909. The vulnerability stems from missing validation of the gid parameter in getInstance() within application/models/QuestionCreate.php, allowing an attacker to craft a malicious URL that could com...