Skip to main content

Survey

3 CVEs product

Monthly

CVE-2023-38057 MEDIUM This Month

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-27852 CRITICAL KEV THREAT Act Now

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Survey
NVD
CVSS 3.1
9.8
EPSS
31.9%
CVE-2021-21434 MEDIUM This Month

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD
CVSS 3.1
4.8
EPSS
0.7%
EPSS 0% CVSS 5.4
MEDIUM This Month

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD
EPSS 32% CVSS 9.8
CRITICAL KEV THREAT Act Now

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Survey
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy