CVE-2025-70797
CVE-2025-70797 affects LimeSurvey (v6.15.20+251021). It enables Cross-Site Scripting via Box[title] and box[url] parameters, allowing remote execution of scripts in the context of users’ browsers. The common remediation across sources is to upgrade LimeSurvey to version 6.15.21 or newer. If upgra...