lapiudevgit

2 exploits Active since Oct 2024
CVE-2025-63238 WRITEUP MEDIUM
LimeSurvey < 6.15.12 - Reflected Cross-Site Scripting via gid Parameter in getInstance()
A reflected cross-site scripting (XSS) vulnerability affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of the gid parameter in the getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged-in user.
CVSS 6.1
CVE-2024-28709 WRITEUP MEDIUM
LimeSurvey < 6.5.12+240611 - Cross-Site Scripting via Title and Comment Fields
A cross-site scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script in the title and comment fields.
CVSS 6.1