Every CVE whose affected-product data names Diaowen Dwsurvey, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2021-39383 — CVSS 9.8 (critical): DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
CVE-2021-39384 — CVSS 9.8 (critical): DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
CVE-2023-40980 — CVSS 9.8 (critical): File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage…
CVE-2025-63248 — CVSS 7.5 (high): DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of…
CVE-2019-14747 — CVSS 6.1 (medium): DWSurvey through 2019-07-22 has stored XSS via the design/my-survey-design!copySurvey.action surveyName parameter.
CVE-2019-15095 — CVSS 6.1 (medium): DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter.
CVE-2020-20070 — CVSS 6.1 (medium): Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld…