DWSurvey
by DWSurvey
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-40980 | | Cri | 0.64 | 9.8 | 0.01 | | Sep 1, 2023 | File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. |
| CVE-2021-39384 | | Cri | 0.64 | 9.8 | 0.01 | | Mar 20, 2022 | DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. |
| CVE-2021-39383 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 20, 2022 | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. |
| CVE-2020-20070 | | Med | 0.40 | 6.1 | 0.01 | | Jun 20, 2023 | Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file. |
| CVE-2019-15095 | | Med | 0.40 | 6.1 | 0.01 | | Aug 16, 2019 | DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. |
| CVE-2019-14747 | | Med | 0.40 | 6.1 | 0.01 | | Aug 7, 2019 | DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. |
| CVE-2025-63248 | | | 0.00 | — | 0.00 | | Nov 5, 2025 | DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires. |