Stored XSS Flaw in Survey Maker by Survey Maker Team
CVE-2025-22664

5.9MEDIUM

Key Information:

Vendor: Survey Maker Team
Status: Survey Maker
Vendor: CVE Published:; 4 February 2025

Summary

A stored cross-site scripting vulnerability exists in Survey Maker versions up to and including 5.1.3.5. This vulnerability arises due to improper neutralization of user input during web page generation, allowing an attacker to inject malicious scripts. When other users interact with the compromised survey, these scripts can execute in their browsers, potentially compromising sensitive information or facilitating further attacks.

Affected Version(s)

Survey Maker <= 5.1.3.5

References

https://patchstack.com/database/wordpress/plugin/survey-m...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

astra.r3verii (Patchstack Alliance)