CVE-2025-63248
- EPSS 0.05%
- Veröffentlicht 05.11.2025 00:00:00
- Zuletzt bearbeitet 08.01.2026 17:47:08
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.
CVE-2023-40980
- EPSS 1.29%
- Veröffentlicht 01.09.2023 16:15:08
- Zuletzt bearbeitet 21.11.2024 08:20:21
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.
CVE-2020-20070
- EPSS 0.32%
- Veröffentlicht 20.06.2023 15:15:10
- Zuletzt bearbeitet 11.12.2024 17:15:09
Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.
CVE-2021-39383
- EPSS 4.71%
- Veröffentlicht 20.03.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:19:27
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
CVE-2021-39384
- EPSS 0.36%
- Veröffentlicht 20.03.2022 22:15:07
- Zuletzt bearbeitet 21.11.2024 06:19:27
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
CVE-2019-15095
- EPSS 0.24%
- Veröffentlicht 16.08.2019 01:15:09
- Zuletzt bearbeitet 21.11.2024 04:28:02
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.
CVE-2019-14747
- EPSS 0.22%
- Veröffentlicht 07.08.2019 16:15:12
- Zuletzt bearbeitet 21.11.2024 04:27:15
DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.