Atsuya Yoda

**Name of the Vulnerable Software and Affected Versions** Survey Maker versions prior to 3.6.4 **Description** The issue is a stored cross-site scripting vulnerability. If exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product with administrative privilege. **Recommendations** For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue. As a temporary workaround, consider restricting access to administrative privileges until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Survey Maker versions prior to 3.6.4 **Description** The issue is related to insufficient verification of data authenticity, allowing a remote unauthenticated attacker to spoof an IP address when posting. **Recommendations** For versions prior to 3.6.4, update to version 3.6.4 or later to resolve the issue.