Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dwsurvey
(Diaowen)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 6 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-09-01 | CVE-2023-40980 | File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. | Dwsurvey | 9.8 | ||
2023-06-20 | CVE-2020-20070 | Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file. | Dwsurvey | 6.1 | ||
2022-03-20 | CVE-2021-39383 | DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. | Dwsurvey | 9.8 | ||
2022-03-20 | CVE-2021-39384 | DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. | Dwsurvey | 9.8 | ||
2019-08-16 | CVE-2019-15095 | DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. | Dwsurvey | 6.1 | ||
2019-08-07 | CVE-2019-14747 | DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter. | Dwsurvey | 6.1 |