SurveyKing
by SurveyKing
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26249 | Cri | 0.64 | 9.8 | 0.02 | Mar 24, 2022 | Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. | ||
| CVE-2024-35049 | Cri | 0.59 | 9.1 | 0.01 | May 14, 2024 | SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590. | ||
| CVE-2024-35050 | Hig | 0.57 | 8.8 | 0.01 | May 14, 2024 | An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. | ||
| CVE-2022-25590 | Med | 0.42 | 6.5 | 0.02 | Mar 25, 2022 | SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. | ||
| CVE-2024-35048 | Med | 0.28 | 4.3 | 0.00 | May 14, 2024 | An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. |
- risk 0.64cvss 9.8epss 0.02
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.
- risk 0.59cvss 9.1epss 0.01
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590.
- risk 0.57cvss 8.8epss 0.01
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin.
- risk 0.42cvss 6.5epss 0.02
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.
- risk 0.28cvss 4.3epss 0.00
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password.