Lucene search

GoogleOSV:GHSA-XGJ4-2HRF-J4XG

HistoryMar 21, 2024 - 6:33 a.m.

Cross-site scripting in Survey Creator

2024-03-2106:33:04

Google

osv.dev

cross-site scripting

surveyjs

survey creator

vulnerability

arbitrary code

title parameter

sensitive information

software

AI Score

6.4

Confidence

High

EPSS

Percentile

9.0%

JSON

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

References

github.com/surveyjs/survey-creator

github.com/surveyjs/survey-creator/issues/5285

nvd.nist.gov/vuln/detail/CVE-2024-28635

packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt