MEDIUM 6.1

GHSA-xgj4-2hrf-j4xg

Cross-site scripting in Survey Creator

Details

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / survey-creator

Introduced in: 0 Fixed in: 1.9.133

Fix npm install survey-creator@1.9.133

References

https://nvd.nist.gov/vuln/detail/CVE-2024-28635 [ADVISORY]
https://github.com/surveyjs/survey-creator/issues/5285 [WEB]
https://github.com/surveyjs/survey-creator [PACKAGE]
https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt [WEB]