Diaowen: >> Dwsurvey >> 3.2.0 Security Vulnerabilities
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.
CVSS Score
9.8
EPSS Score
0.013
Published
2023-09-01
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
CVSS Score
9.8
EPSS Score
0.062
Published
2022-03-20
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-03-20
DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-16
DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-07