3942 matches found
privilege escalation bug to creation survey-group with others group as parent
BUG ======= privilege escalation bug to creation survey-group with others group as parent\ ACCOUNT ============= 1. user-A -- superadmin\ 2. user-B -- normal user\ user-B has only create permission in survey-group . does not have view permission in survey group\ as user-B does not have view...
CVE-2023-3575 Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS
The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-3575 Quiz And Survey Master < 8.1.11 - Contributor+ Stored XSS
The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks...
PT-2023-25294 · WordPress · Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: The Quiz And Survey Master WordPress plugin versions prior to 8.1.11 Description: The issue is related to the improper sanitization and escaping of question titles, which could allow users with the Contributor role and above to perform Stored...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
CVE-2022-46484
The CVE-2022-46484 entry affects Data Illusion Survey Software Solutions NGSurvey (NGSurvey) v2.4.28 and earlier. The vulnerability enables information disclosure by allowing attackers to view the access password, which in turn could be used to access and arbitrarily submit surveys. The connected...
PT-2023-14942 · Data Illusion Survey Software Solutions · Ngsurvey
Name of the Vulnerable Software and Affected Versions: Data Illusion Survey Software Solutions ngSurvey versions 2.4.28 and below Description: The issue allows for Denial of Service when a survey contains a "Text Field", "Comment Field", or "Contact Details". Recommendations: For versions 2.4.28...
Data Illusion Survey Software Solutions NGSurvey Information Disclosure Vulnerability
ngSurvey is a Data Illusion Survey Software Solutions by ngSurvey, Inc. An information disclosure vulnerability exists in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and prior versions, which stems from a vulnerability that allows an attacker to view access passwords and arbitrarily...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
CVE-2022-46485
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details"...
CVE-2022-46484
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys...
Data Illusion Survey Software Solutions NGSurvey Security Breach
ngSurvey is a Data Illusion Survey Software Solutions by ngSurvey, Inc. A security vulnerability exists in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and earlier versions, which stems from vulnerability to denial-of-service attacks if a survey is submitted that contains Text Field,...
WordPress Quiz And Survey Master Plugin < 8.1.11 is vulnerable to Cross Site Scripting (XSS)
Software Quiz And Survey Master Type Plugin Vulnerable versions 8.1.11 Fixed in 8.1.11 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3575 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9853dd82cef9 Credits Andreas Damen...
SUSE CVE-2023-38057
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...
CVE-2023-38057
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...
CVE-2023-38057
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...
Cross site scripting
An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects...