6 results

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

01 Sep 2023 — File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. • https://github.com/wkeyuan/DWSurvey/issues/107 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Jun 2023 — Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via the qultemld parameter of the qu-multi-fillblank!answers.action file. • https://github.com/wkeyuan/DWSurvey/issues/48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Mar 2022 — DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. • https://github.com/wkeyuan/DWSurvey/issues/80 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 9.8 • EPSS: 2% • CPEs: 1 • EXPL: 1

20 Mar 2022 — DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. • https://github.com/wkeyuan/DWSurvey/issues/81 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Aug 2019 — DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. • https://github.com/wkeyuan/DWSurvey/issues/48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Aug 2019 — DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. • https://github.com/wkeyuan/DWSurvey/issues/47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')