Gabriel Jenik

4 exploits, active since Feb 2021
CVE-2025-63238 MEDIUM WRITEUP
LimeSurvey < 6.15.12 - Reflected Cross-Site Scripting via gid Parameter in getInstance()
A reflected cross-site scripting (XSS) vulnerability affects LimeSurvey versions prior to 6.15.11+250909, due to missing validation of the gid parameter in the getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged-in user.
CVSS 6.1
CVE-2019-25019 CRITICAL WRITEUP
LimeSurvey <4.0.0-RC4 - SQL Injection
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
CVSS 9.8
CVE-2021-42112 MEDIUM WRITEUP
LimeSurvey 3.x-LTS-3.27.18 - Cross-Site Scripting in File Upload Question Functionality
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
CVSS 6.1
CVE-2024-28709 MEDIUM WRITEUP
LimeSurvey < 6.5.12+240611 - Cross-Site Scripting via Title and Comment Fields
A cross-site scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script in the title and comment fields.
CVSS 6.1