What the vulnerability does
Description
Unauthenticated cross-site scripting (XSS) in Survey Maker versions <= 5.2.2.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Survey Maker through version 5.2.2.5 contains a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into survey pages. When a victim visits a crafted survey link, the attacker's code executes in their browser, potentially stealing session data or redirecting them to phishing sites. No authentication is required to exploit this vulnerability.
What an attacker can do
Inject malicious JavaScript into survey pages that executes when victims view them.
Potential impact on your site
Attackers can steal visitor session cookies, redirect users to malicious sites, or deface survey content.
Conditions required to exploit
Victim must visit a crafted survey link or page containing the malicious payload.