CVE-2026-25743 OpenEMR has Stored XSS in Questionnaire answers
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires "forms" in patient encounters. The answers to the forms are displayed on the encounter page and in th...
CVE-2025-63248
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires...
EUVD-2025-37898
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires...
How to Automate Security Questionnaires and Reduce Response Time
Security questionnaires take a lot of time and repetitively answering the same questions manually chews up business time…...
CVE-2024-43196
IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...
CVE-2024-43196 IBM OpenPages data manipulation
IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses...
Best Practices for Preparing and Automating Security Questionnaires
Security questionnaires serve as essential tools for building connections and trust in the digital realm. They help in…...
How a Trust Center Solves Your Security Questionnaire Problem
Security questionnaires aren't just an inconvenience — they're a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate securi...
The Long-Term Impact of Log4j
In its aftermath, Log4j vulnerabilities put the spotlight on vendor management and supply chain security practices. Software suppliers should expect vendor security questionnaires to expand in scope and detail around application security practices. It's relatively easy for software buyers to...
Faculty Evaluation System 1.0 - Stored XSS
Exploit Title: Faculty Evaluation System 1.0 - Stored XSS Exploit Author: Vijay Sachdeva pwnshell Date: 2020-12-22 Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs
Building a security team is a necessity for organizations of all industries and sizes. It makes selecting the right person for the job a critical task in which testing candidates' domain knowledge is a core component of the hiring process. A common practice is for each organization to put togethe...
CVE-2018-7994
Some Huawei products IPS Module V500R001C50; NGFW Module V500R001C50; V500R002C10; NIP6300 V500R001C50; NIP6600 V500R001C50; NIP6800 V500R001C50; Secospace USG6600 V500R001C50; USG9500 V500R001C50 have a memory leak vulnerability. The software does not release allocated memory properly when...
Memory leak vulnerability in multiple Huawei products (CNVD-2018-12787)
Huawei IPS Module and so on are products of Huawei, China. Huawei IPS Module is an IPS security appliance. NGFW Module is a firewall appliance. NIP6300 and so on are next-generation intrusion prevention systems. A memory leak vulnerability exists in several Huawei products, where the system fails to...
Analyzing Cyber Insurance Policies
There's a really interesting new paper analyzing over 100 different cyber insurance policies. From the abstract: In this research paper, we seek to answer fundamental questions concerning the current state of the cyber insurance market. Specifically, by collecting over 100 full insurance policies...
TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure Vulnerability
The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected. Information Disclosure in TYPO3 Extension ke_questionnaire The TYPO3 extension ke_questionnaire stores answered...
PCI SSC Releases New SAQ Versions for 3.0
As expected, the SSC finally released the new version of the Self-Assessment Questionnaires (SAQs) today on their website. They are available on the PCI SSC's website here:...