VYPR
Vendor

DWSurvey

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2023-40980CriSep 1, 2023
    risk 0.64cvss 9.8epss 0.01

    File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.

  • CVE-2021-39384CriMar 20, 2022
    risk 0.64cvss 9.8epss 0.01

    DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.

  • CVE-2021-39383CriMar 20, 2022
    risk 0.64cvss 9.8epss 0.03

    DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.

  • CVE-2020-20070MedJun 20, 2023
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.

  • CVE-2019-15095MedAug 16, 2019
    risk 0.40cvss 6.1epss 0.01

    DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.

  • CVE-2019-14747MedAug 7, 2019
    risk 0.40cvss 6.1epss 0.01

    DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.

  • CVE-2025-63248Nov 5, 2025
    risk 0.00cvss epss 0.00

    DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.