Lucene search
K

100 matches found

NVD
NVD
added 2025/04/04 4:15 p.m.15 views

CVE-2025-32167

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devsoftbaltic SurveyJS surveyjs allows Stored XSS.This issue affects SurveyJS: from n/a through = 1.12.20...

6.5CVSS0.00341EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/04 3:59 p.m.15 views

CVE-2025-32256 WordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in devsoftbaltic SurveyJS surveyjs allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SurveyJS: from n/a through = 1.12.20...

5.3CVSS0.00327EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 3:59 p.m.41 views

CVE-2025-32256

CVE-2025-32256 is a missing authorization vulnerability in SurveyJS (WordPress plugin) that allows access to functionality not properly constrained by ACLs. Affected software: SurveyJS: Drag & Drop WordPress Form Builder; vulnerable versions: up to 1.12.20 (inclusive). The CVSS score is 5.3 (Medi...

5.3CVSS7.2AI score0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/04 3:58 p.m.19 views

CVE-2025-32167 WordPress SurveyJS plugin <= 1.12.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devsoftbaltic SurveyJS surveyjs allows Stored XSS.This issue affects SurveyJS: from n/a through = 1.12.20...

6.5CVSS0.00341EPSS
Exploits0References1
CVE
CVE
added 2025/04/04 3:58 p.m.59 views

CVE-2025-32167

CVE-2025-32167 affects the SurveyJS WordPress form builder plugin (SurveyJS: Drag & Drop WordPress Form Builder) used on WordPress. The issue is a Stored XSS caused by improper neutralization of input during web page generation. Affected versions range up to 1.12.20. The connected documents do no...

6.5CVSS7.2AI score0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/04 3:58 p.m.10 views

CVE-2025-32167 WordPress SurveyJS plugin <= 1.12.20 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in devsoftbaltic SurveyJS allows Stored XSS. This issue affects SurveyJS: from n/a through 1.12.20...

6.5CVSS6.9AI score0.00341EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/04 1:39 p.m.3 views

WordPress SurveyJS plugin <= 1.12.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin SurveyJS versions = 1.12.20...

5.3CVSS8.4AI score0.00327EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/04 12:0 a.m.2 views

PT-2025-14950 · Surveyjs · Surveyjs

Name of the Vulnerable Software and Affected Versions: SurveyJS versions 1.12.20 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject malicious script...

6.5CVSS9.1AI score0.00341EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.3 views

WordPress plugin SurveyJS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...

6.5CVSS6.6AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/04 12:0 a.m.2 views

WordPress plugin SurveyJS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

5.3CVSS6.3AI score0.00327EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/04 12:0 a.m.3 views

PT-2025-15012 · Surveyjs · Surveyjs

Name of the Vulnerable Software and Affected Versions: SurveyJS versions 1.12.20 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists ACLs. This means that certain features or...

5.3CVSS6AI score0.00327EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/03 8:20 a.m.4 views

CVE-2024-12544

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJSDeleteFile class in all versions up to, and includin...

8.8CVSS7.7AI score0.00703EPSS
Exploits0References1
NVD
NVD
added 2025/03/01 8:15 a.m.7 views

CVE-2024-12544

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJSDeleteFile class in all versions up to, and includin...

8.8CVSS0.00703EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/01 7:24 a.m.7 views

CVE-2024-12544 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJSDeleteFile class in all versions up to, and includin...

8.8CVSS9AI score0.00703EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/03/01 12:0 a.m.1 views

WordPress plugin SurveyJS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

8.8CVSS8.7AI score0.00703EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/02/28 11:40 p.m.6 views

WordPress SurveyJS plugin <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary File Deletion via SurveyJSDeleteFile vulnerability discovered by Thanh Nam Tran in WordPress Plugin SurveyJS versions = 1.12.17...

8.8CVSS7AI score0.00703EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 4:43 a.m.12 views

CVE-2024-36043

questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...

6.1CVSS5.7AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:43 a.m.7 views

CVE-2024-50427

Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through = 1.9.136...

9.9CVSS5.9AI score0.01015EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/11/08 12:24 p.m.433 views

Exploit for CVE-2024-50427

CVE-2024-50427 SurveyJS: Drag & Drop WordPress Form Builde...

9.9CVSS7.9AI score0.01015EPSS
Exploits1
NVD
NVD
added 2024/10/29 9:15 a.m.16 views

CVE-2024-50427

Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through = 1.9.136...

9.9CVSS0.01015EPSS
Exploits1References1
Rows per page
Query Builder