Thomas Clair

#10553of 53,632
26.2Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2026-1656
5.4
2026-01-07
Data Illusion · Zumbrunn Ngsurvey Enterprise Edition · CVE-2025-15479
**Name of the Vulnerable Software and Affected Versions** Data Illusion Zumbrunn NGSurvey Enterprise Edition version 3.6.4 **Description** The software contains a stored cross-site scripting issue. This affects the survey content and administration functionality, allowing authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers. This could lead to session information theft and unauthorized actions. The issue occurs because crafted survey content is rendered without proper output encoding. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-48486
8.6
2025-12-01
Data Illusion · Zumbrunn Ngsurvey · CVE-2025-13829
**Name of the Vulnerable Software and Affected Versions** Data Illusion Zumbrunn NGSurvey (affected versions not specified) **Description** An incorrect authorization issue exists in Data Illusion Zumbrunn NGSurvey, allowing any authenticated user to access the private information of other users. This includes sensitive data such as the `APIKEY` (valid for a one-year user session), `RefreshToken` (valid for a ten-minute user session), `Password` hashed with bcrypt, `User IP`, `Email`, and `Full Name`. The issue involves unauthorized access to user data through improper authorization checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-25316
6.1
2023-07-31
Vound · Intella Connect · CVE-2023-35791
**Name of the Vulnerable Software and Affected Versions** Vound Intella Connect version 2.6.0.3 **Description** The issue is related to an Open Redirect vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For version 2.6.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-25317
6.1
2023-07-31
Vound · Intella Connect · CVE-2023-35792
**Name of the Vulnerable Software and Affected Versions** Vound Intella Connect version 2.6.0.3 **Description** The issue is related to stored Cross-site Scripting (XSS), which allows attackers to inject malicious scripts into content from otherwise trusted websites. **Recommendations** For version 2.6.0.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.