CVE-2025-13829
Vulnerability Description
Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user.
Critical information retrieved:
* APIKEY (1 year user Session)
* RefreshToken (10 minutes user Session)
* Password hashed with bcrypt
* User IP
* Email
* Full Name
Critical information retrieved:
* APIKEY (1 year user Session)
* RefreshToken (10 minutes user Session)
* Password hashed with bcrypt
* User IP
* Full Name
Vulnerability Details
Published Date
Last Modified
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!