CVE-2022-25590
MEDIUM
SurveyKing v0.2.0 - Insufficient Session Expiration
Title source: llm
Description
SurveyKing v0.2.0 was discovered to retain users' session cookies after logout, allowing attackers to log in to the system and access data using the browser cache when the user exits the application.
References (3)
Core References
Product x_refsource_misc
http://surveyking.com
Product, Third Party Advisory x_refsource_misc
https://github.com/javahuang/SurveyKing
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/javahuang/SurveyKing/issues/7
Scores
CVSS v3
6.5
EPSS
0.0151
EPSS Percentile
71.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-613
Status
published
Products (1)
surveyking/surveyking
0.2.0
Published
Mar 25, 2022
Tracked Since
Feb 18, 2026