
Byte Open Security

(ByteOS Network)


surveyking

Source - ADP, NVD
BOS Name - N/A
CNA CVEs - 0
ADP CVEs - 2
CISA CVEs - 0
NVD CVEs - 4
4 vulnerabilities found

CVE-2024-35050
Assigner-MITRE Corporation
CVSS Score-8.8 (HIGH)
EPSS-0.24% / 47.17%
7 Day CHG~0.00%
Published-13 May, 2024 | 13:20
Updated-23 Apr, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin.

Action-Not Available
Vendor-surveyking, n/a, surveyking
Product-surveyking, n/a, surveyking
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-35049
Assigner-MITRE Corporation
CVSS Score-9.1 (CRITICAL)
EPSS-0.29% / 51.74%
7 Day CHG~0.00%
Published-13 May, 2024 | 13:20
Updated-23 Apr, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590.

Action-Not Available
Vendor-surveyking, n/a, surveyking
Product-surveyking, n/a, surveyking
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2024-35048
Assigner-MITRE Corporation
CVSS Score-4.3 (MEDIUM)
EPSS-0.14% / 34.91%
7 Day CHG~0.00%
Published-13 May, 2024 | 13:20
Updated-23 Apr, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password.

Action-Not Available
Vendor-surveyking, n/a, javahuang
Product-surveyking, n/a, surveyking
CWE ID-CWE-613
Insufficient Session Expiration
CVE-2022-25590
Assigner-MITRE Corporation
CVSS Score-6.5 (MEDIUM)
EPSS-0.38% / 58.67%
7 Day CHG~0.00%
Published-25 Mar, 2022 | 18:50
Updated-03 Aug, 2024 | 04:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to log in to the system and access data using the browser cache when the user exits the application.

Action-Not Available
Vendor-surveyking, n/a
Product-surveyking, n/a
CWE ID-CWE-613
Insufficient Session Expiration