Lucene search

Dwsurvey Security Vulnerabilities

cve

CVE-2019-14747

DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.

6.1CVSS

5.9AI Score

0.001EPSS

2019-08-07 04:15 PM

cve

CVE-2019-15095

DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.

6.1CVSS

6AI Score

0.001EPSS

2019-08-16 01:15 AM

cve

CVE-2020-20070

Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.

6.1CVSS

6.4AI Score

0.001EPSS

2023-06-20 03:15 PM

cve

CVE-2021-39383

DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.

9.8CVSS

9.7AI Score

0.005EPSS

2022-03-20 10:15 PM

cve

CVE-2021-39384

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.

9.8CVSS

9.6AI Score

0.002EPSS

2022-03-20 10:15 PM

cve

CVE-2023-40980

File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.

9.8CVSS

9.6AI Score

0.002EPSS

2023-09-01 04:15 PM