19 matches found

CNNVD
added 2026/05/25 12:00 a.m. | 3 views

Edimax EW-7438RPn Security Vulnerability

Edimax EW-7438RPn is a wireless signal extender from Taiwan, China-based Edimax. A security vulnerability exists in the Edimax EW-7438RPn version 1.31, which originates from a parameter manipulation of the function formWlSiteSurvey in the file /goform/formWlSiteSurvey by the webs component, which...

CVSS 9 | AI score 7.6 | EPSS 0.00046
Exploits 0 | References 4
EUVD
added 2026/05/22 12:31 a.m. | 5 views

EUVD-2026-31359

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

CVSS 6.3 | AI score 5.8 | EPSS 0.00059
Exploits 0 | References 2
Vulnrichment
added 2026/05/21 9:13 p.m. | 1 view

CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

CVSS 6.3 | AI score 5.8 | EPSS 0.00059
Exploits 0 | References 1
Positive Technologies
added 2026/05/21 12:00 a.m. | 4 views

PT-2026-42565

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.5.0 and earlier. Description: An Insecure Direct Object Reference (IDOR) exists in the surveys feature. This occurs when a site is configured with both public and private surveys. An unauthenticated attacker can vote in a...

CVSS 6.3 | AI score 5.7 | EPSS 0.00059
Exploits 0 | References 4
RedhatCVE
added 2026/01/09 12:39 p.m. | 7 views

CVE-2023-29492

Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data...

CVSS 9.8 | AI score 7.7 | EPSS 0.18326
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 9:33 a.m. | 2 views

CVE-2024-39063

Lime Survey = 6.5.12 is vulnerable to Cross Site Request Forgery (CSRF). The YIICSRFTOKEN is only checked when passed in the body of POST requests, but the same check isn't performed in the equivalent GET requests...

CVSS 8.8 | AI score 6.9 | EPSS 0.00235
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 8:53 a.m. | 5 views

CVE-2021-27852

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7...

CVSS 9.8 | AI score 7.7 | EPSS 0.25548
Exploits 0 | References 1
OSV
added 2025/11/12 8:15 p.m. | 0 views

CVE-2025-13060

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /viewsurvey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and m...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 5
RedhatCVE
added 2025/08/22 11:23 p.m. | 3 views

CVE-2025-9253

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RPdoSpecifySiteSurvey of the file /goform/RPdoSpecifySiteSurvey. The manipulation of the argument...

CVSS 9 | AI score 7.3 | EPSS 0.00396
Exploits 1 | References 1
OSV
added 2025/07/04 7:40 a.m. | 1 view

BIT-LIMESURVEY-2024-42901

A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...

CVSS 4.8 | AI score 7.4 | EPSS 0.00161
Exploits 1 | References 3
Vulnrichment
added 2025/06/10 12:00 a.m. | 2 views

CVE-2024-37395

A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...

AI score 5.5 | EPSS 0.00322
Exploits 1 | References 3
RedhatCVE
added 2025/03/05 3:09 p.m. | 4 views

CVE-2025-23485

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richestsoft RS Survey rs-survey allows Reflected XSS. This issue affects RS Survey: from n/a through <= 1.0...

CVSS 7.1 | AI score 5.9 | EPSS 0.00112
Exploits 0 | References 1
CVE
added 2025/03/03 1:30 p.m. | 46 views

CVE-2025-23485

CVE-2025-23485 concerns a reflected Cross-Site Scripting (XSS) in the WordPress RS Survey plugin (versions <= 1.0). The issue arises from improper input neutralization during web page generation, enabling reflected XSS when handling user-supplied input. Affected product is the RS Survey plugin...

CVSS 7.1 | AI score 5.9 | EPSS 0.00112
Exploits 0 | References 1
Positive Technologies
added 2024/09/03 12:00 a.m. | 1 view

PT-2024-30195 · Unknown · Limesurvey

Name of the Vulnerable Software and Affected Versions: Lime Survey version 6.5.12 Description: A CSV injection vulnerability in Lime Survey allows attackers to execute arbitrary code via uploading a crafted CSV file. This issue enables attackers to upload specially crafted CSV files, which can le...

CVSS 4.8 | AI score 7.3 | EPSS 0.00161
Exploits 1 | References 9
The Hacker News
added 2023/04/14 7:15 a.m. | 64 views

Severe Android and Novi Survey Vulnerabilities Under Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The two flaws are listed below - CVE-2023-20963 (CVSS score: 7.8) - Android Framework Privilege Escalation...

CVSS 9.8 | AI score 8.4 | EPSS 0.18326
Exploits 0
CNNVD
added 2021/12/06 12:00 a.m. | 0 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Contact Form, Survey...

CVSS 4.8 | AI score 5.5 | EPSS 0.00206
Exploits 2 | References 2
OSV
added 2021/02/08 11:15 a.m. | 2 views

UBUNTU-CVE-2021-21434

A survey administrator can craft a survey in such a way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions...

CVSS 4.8 | AI score 5.8 | EPSS 0.00364
Exploits 0 | References 3
CNVD
added 2018/09/20 12:00 a.m. | 0 views

LimeSurvey Cross-Site Scripting Vulnerability (CNVD-2019-31188)

LimeSurvey (formerly known as PHPSurveyor) is an open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection functions. appendix is one of the appendix components. A cross-site scripting vulnerability...

CVSS 6.1 | AI score 6.3 | EPSS 0.00211
Exploits 2 | References 1
Cvelist
added 2002/06/11 4:00 a.m. | 11 views

CVE-2002-0614

PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...

AI score 6.5 | EPSS 0.00808
Exploits 0 | References 3