There is a Reflective XSS vulnerability when user view the survey result. The failure of the XSS filter to work properly resulted in this vulnerability， which allows remote attackers to inject arbitrary web script or stole admin's or other users cookies. The impact of the problem is serious especially when combined with CSRF vulnerability exploitation.

Vulnerability file:
/diaowen/design/qu-multi-fillblank!answers.action

PoC:
/diaowen/design/qu-multi-fillblank!answers.action?quItemId=2c9790db6c74f25f016c7536aed90022&surveyId=2c9790db6c74f25f016c7"><scr<script>ipt>alert('XSS');</script 200

@wkeyuan has this issue been addressed?
Please note that CVE-2019-15095 was assigned.