MEDIUM 6.1

GHSA-xgj4-2hrf-j4xg

Cross-site scripting in Survey Creator

상세

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

npm / survey-creator

최초 영향 버전: 0 수정 버전: 1.9.133

수정 npm install survey-creator@1.9.133

참고

https://nvd.nist.gov/vuln/detail/CVE-2024-28635 [ADVISORY]
https://github.com/surveyjs/survey-creator/issues/5285 [WEB]
https://github.com/surveyjs/survey-creator [PACKAGE]
https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt [WEB]