VYPR
Vendor

SurveyKing

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2022-26249CriMar 24, 2022
    risk 0.64cvss 9.8epss 0.02

    Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.

  • CVE-2024-35049CriMay 14, 2024
    risk 0.59cvss 9.1epss 0.01

    SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590.

  • CVE-2024-35050HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin.

  • CVE-2022-25590MedMar 25, 2022
    risk 0.42cvss 6.5epss 0.02

    SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application.

  • CVE-2024-35048MedMay 14, 2024
    risk 0.28cvss 4.3epss 0.00

    An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password.