VYPR

Ngsurvey

by Data Illusion Zumbrunn

CVEs (2)

  • CVE-2025-13829HigDec 1, 2025
    risk 0.56cvss epss 0.00

    Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes user Session) * …

  • CVE-2025-15479Jan 7, 2026
    risk 0.00cvss epss 0.00

    Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or…