CVE-2025-15479

Name of the Vulnerable Software and Affected Versions Data Illusion Zumbrunn NGSurvey Enterprise Edition version 3.6.4

Description The software contains a stored cross-site scripting issue. This affects the survey content and administration functionality, allowing authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers. This could lead to session information theft and unauthorized actions. The issue occurs because crafted survey content is rendered without proper output encoding.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.