Skip to main content

Surveyking

5 CVEs product

Monthly

CVE-2024-35050 HIGH POC This Week

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Surveyking
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-35049 CRITICAL POC Act Now

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-35048 MEDIUM POC This Month

An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-25590 MEDIUM POC This Month

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.5%
CVE-2022-26249 CRITICAL POC Act Now

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Surveyking
NVD
CVSS 3.1
9.8
EPSS
1.8%
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Surveyking
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM POC This Month

An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to login to the system and access data using the browser cache when the user exits the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Surveyking
NVD GitHub VulDB
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Surveyking
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy