Gabriel Jenik

4 exploits, active since Feb 2021
CVE-2025-63238 WRITEUP MEDIUM
LimeSurvey <6.15.11+250909 - XSS
A reflected cross-site scripting (XSS) vulnerability affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of the gid parameter in the getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged-in user.
CVSS 6.1
CVE-2019-25019 WRITEUP CRITICAL
LimeSurvey <4.0.0-RC4 - SQL Injection
LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.
CVSS 9.8
CVE-2021-42112 WRITEUP MEDIUM
LimeSurvey < 3.27.18 - XSS
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
CVSS 6.1
CVE-2024-28709 WRITEUP MEDIUM
LimeSurvey < 6.5.12+240611 - XSS
A cross-site scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script in the title and comment fields.
CVSS 6.1