27 matches found
CVE-2025-15479
Stored cross-site scripting XSS, CWE-79 in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms on Windows and Linux servers allows authenticated remote users with survey creation or edit privileges to execute...
CVE-2025-15479 NGSurvey Enterprise 3.6.4 incorrect authorization exposes other users’ API keys and personal data
Stored cross-site scripting XSS, CWE-79 in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms on Windows and Linux servers allows authenticated remote users with survey creation or edit privileges to execute...
CVE-2025-15479
NGSurvey Enterprise Edition 3.6.4 from Data Illusion Zumbrunn is affected by a stored XSS (CWE-79) in survey content and administration functions. The vulnerability allows authenticated users with survey creation/edit privileges to inject JavaScript that executes in other users’ browsers, potenti...
CVE-2025-15479 NGSurvey Enterprise 3.6.4 incorrect authorization exposes other users’ API keys and personal data
Stored cross-site scripting XSS, CWE-79 in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms on Windows and Linux servers allows authenticated remote users with survey creation or edit privileges to execute...
Data Illusion Zumbrunn NGSurvey Enterprise Edition 安全漏洞
Data Illusion Zumbrunn NGSurvey Enterprise Edition is a questionnaire and data collection system from the Swiss company Data Illusion Zumbrunn. A security vulnerability exists in Data Illusion Zumbrunn NGSurvey Enterprise Edition version 3.6.4, which stems from improper coding of survey content a...
PT-2026-1656
Name of the Vulnerable Software and Affected Versions Data Illusion Zumbrunn NGSurvey Enterprise Edition version 3.6.4 Description The software contains a stored cross-site scripting issue. This affects the survey content and administration functionality, allowing authenticated remote users with...
CVE-2025-13829
Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY 1 year user Session RefreshToken 10 minutes user Session Password hashed with bcrypt User IP Email Full Na...
CVE-2025-13829
Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: APIKEY 1 year user Session RefreshToken 10 minutes user Session Password hashed with bcrypt User IP Email Full Na...
Data Illusion Zumbrunn NGSurvey 安全漏洞
Data Illusion Zumbrunn NGSurvey is an online survey and data collection platform from Data Illusion Zumbrunn, Inc. A security vulnerability exists in Data Illusion Zumbrunn NGSurvey that stems from improper authorization and could allow an arbitrarily logged-in user to gain access to other users'...
EUVD-2022-49289
Malicious code in bioql PyPI...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
Information disclosure
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
Denial of service
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...