Surveyking: >> Surveyking >> 1.3.1 Security Vulnerabilities
SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590.
CVSS Score
9.1
EPSS Score
0.003
Published
2024-05-14
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin.
CVSS Score
8.8
EPSS Score
0.002
Published
2024-05-14
An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-14