ngsurvey CVE Vulnerabilities & Metrics

Focus on ngsurvey vulnerabilities and metrics.

Last updated: 15 Feb 2026, 23:25 UTC

About ngsurvey Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ngsurvey. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total ngsurvey CVEs: 3
Earliest CVE date: 02 Aug 2023, 14:15 UTC
Latest CVE date: 07 Jan 2026, 14:15 UTC

Latest CVE reference: CVE-2025-15479

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ngsurvey CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	0
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS ngsurvey CVEs

These are the five CVEs with the highest CVSS scores for ngsurvey, sorted by severity first and recency.

CVE-2025-15479 ngsurvey Published on 07 Jan 2026, 14:15 UTC (CVSS: 0)
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthori...
CVE-2022-46484 ngsurvey Published on 02 Aug 2023, 15:15 UTC (CVSS: 0)
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.
CVE-2022-46485 ngsurvey Published on 02 Aug 2023, 14:15 UTC (CVSS: 0)
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".

All CVEs for ngsurvey

CVE-2025-15479 ngsurvey vulnerability CVSS: 0 07 Jan 2026, 14:15 UTC

Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding.

CVE-2022-46484 ngsurvey vulnerability CVSS: 0 02 Aug 2023, 15:15 UTC

Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.

CVE-2022-46485 ngsurvey vulnerability CVSS: 0 02 Aug 2023, 14:15 UTC

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".