anonhaven
Ad

CVE-2025-70797

MEDIUM CVSS 3.1: 6.1 EPSS 0.05%
Updated Apr 16, 2026
Limesurvey
Parameter Value
CVSS 6.1 (MEDIUM)
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Limesurvey
Public PoC No

Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Limesurvey Limesurvey
cpe:2.3:a:limesurvey:limesurvey:6.15.20:251021:*:*:*:*:*:*

References 2

https://gist.github.com/masquerad3r/772ddbfbd9fd95754f4873bcb202146d
cve@mitre.org
https://github.com/LimeSurvey/LimeSurvey/pull/4356
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2025-63238

PHP

6.1

CVE-2025-56422

Limesurvey

9.8

CVE-2025-56421

Limesurvey

7.5

CVE-2025-41075

Limesurvey

7.5

CVE-2025-41074

Limesurvey

7.5