CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40980
https://notcve.org/view.php?id=CVE-2023-40980
01 Sep 2023 — File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. La vulnerabilidad de carga de archivos en DWSurvey DWSurvey-OSS v3.2.0 y anteriores permite a un atacante remoto ejecutar código arbitrario a través del método "saveimage" y "savveFile" en el archivo "action/UploadAction.java". • https://github.com/wkeyuan/DWSurvey/issues/107 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-20070
https://notcve.org/view.php?id=CVE-2020-20070
20 Jun 2023 — Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file. • https://github.com/wkeyuan/DWSurvey/issues/48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-15095
https://notcve.org/view.php?id=CVE-2019-15095
16 Aug 2019 — DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. DWSurvey hasta el 22-07-2019, presenta una vulnerabilidad de tipo XSS reflejado por medio del parámetro surveyId en el archivo design/qu-multi-fillblank!answers.action. • https://github.com/wkeyuan/DWSurvey/issues/48 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-14747
https://notcve.org/view.php?id=CVE-2019-14747
07 Aug 2019 — DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. DWSurvey hasta 22-07-2019, presenta una vulnerabilidad de tipo XSS almacenado por medio del archivo design/my-survey-design!copySurvey.action en el parámetro surveyName. • https://github.com/wkeyuan/DWSurvey/issues/47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •