PT-2019-13983 · D Soft Research · Dwsurvey

Niro001

Published

2019-08-16

Updated

2019-08-26

CVE-2019-15095

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions DWSurvey versions prior to 2019-07-22

Description The issue is related to reflected XSS, which occurs via the surveyId parameter in the "design/qu-multi-fillblank!answers.action" endpoint. This allows for potential exploitation.

Recommendations For versions prior to 2019-07-22, consider restricting access to the "design/qu-multi-fillblank!answers.action" endpoint until a fix is available, and avoid using the surveyId parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-15095

Affected Products

Dwsurvey

PT-2019-13983 · D Soft Research · Dwsurvey

CVE-2019-15095

Weakness Enumeration

Related Identifiers

Affected Products

References · 3