Dwsurvey

dwsurvey

Vendor: Diaowen • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-63248 1Diaowen 1Dwsurvey Jan 8, 2026 Nov 5, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires.
CVE-2023-40980 1Diaowen 1Dwsurvey Nov 21, 2024 Sep 1, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.
CVE-2020-20070 1Diaowen 1Dwsurvey Dec 11, 2024 Jun 20, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.
CVE-2021-39384 1Diaowen 1Dwsurvey Nov 21, 2024 Mar 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
CVE-2021-39383 1Diaowen 1Dwsurvey Nov 21, 2024 Mar 20, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
CVE-2019-15095 1Diaowen 1Dwsurvey Nov 21, 2024 Aug 16, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.
CVE-2019-14747 1Diaowen 1Dwsurvey Nov 21, 2024 Aug 7, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.