Niro001

#20722 of 53,635
12.2 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2023-11545
6.1
2023-06-20
Wkeyuan · Dwsurvey · CVE-2020-20070
**Name of the Vulnerable Software and Affected Versions**
wkeyuan DWSurvey version 1.0

**Description**
A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the `qultemld` parameter of the "qu-multi-fillblank!answers.action" file.

**Recommendations**
For wkeyuan DWSurvey version 1.0, avoid using the `qultemld` parameter in the "qu-multi-fillblank!answers.action" file until a fix is available.

PT-2019-13983
6.1
2019-08-16
D Soft Research · Dwsurvey · CVE-2019-15095
**Name of the Vulnerable Software and Affected Versions**
DWSurvey versions prior to 2019-07-22

**Description**
The issue is related to reflected XSS, which occurs via the `surveyId` parameter in the "design/qu-multi-fillblank!answers.action" endpoint. This allows for potential exploitation.

**Recommendations**
For versions prior to 2019-07-22, consider restricting access to the "design/qu-multi-fillblank!answers.action" endpoint until a fix is available, and avoid using the `surveyId` parameter in this endpoint to minimize the risk of exploitation.