216.73.216.133

CVE-2025-15479

· Published 07/01/2026 14:15 · Modified 08/01/2026 18:08

Labels: CVE-2025-15479 2026-01-0764c5ae8f-7972-4697-86a0-7ada793ac795CVE-2025-15479CWE-79

Essential information

Published
07/01/2026 14:15
Modified
08/01/2026 18:08
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
64c5ae8f-7972-4697-86a0-7ada793ac795
NVD
View on NVD

Affected products (CPE)

ProductCPE
data illusion / zumbrunn ngsurvey enterprise edition cpe:2.3:a:data_illusion:zumbrunn_ngsurvey_enterprise_edition:3.6.4:*:*:*:*:*:*:*

References