Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

100 matches found

Cvelist
Cvelistadded 2024/10/29 8:31 a.m.23 views

CVE-2024-50427 WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through = 1.9.136...

9.9CVSS0.01015EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2024/10/29 8:31 a.m.14 views

CVE-2024-50427 WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in devsoftbaltic SurveyJS surveyjs.This issue affects SurveyJS: from n/a through = 1.9.136...

9.9CVSS5.9AI score0.01015EPSS
Exploits1References1
CVE
CVEadded 2024/10/29 8:31 a.m.53 views

CVE-2024-50427

CVE-2024-50427 affects WordPress SurveyJS: Drag & Drop WordPress Form Builder up to version 1.9.136. It allows Unrestricted Upload of File with Dangerous Type (Authenticated, Subscriber level). Fixes are available in version 1.12.4; upgrade to 1.12.4 or later to mitigate. Patchstack documents the...

9.9CVSS5.9AI score0.01015EPSS
Exploits1References1
CNNVD
CNNVDadded 2024/10/29 12:0 a.m.4 views

WordPress plugin SurveyJS 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

9.9CVSS6.9AI score0.01015EPSS
Exploits1References1
Patchstack
Patchstackadded 2024/10/24 9:16 a.m.4 views

WordPress SurveyJS plugin <= 1.9.136 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin SurveyJS versions = 1.9.136...

9.9CVSS7AI score0.01015EPSS
Exploits1Affected Software1
Patchstack
Patchstackadded 2024/10/24 12:0 a.m.12 views

WordPress SurveyJS: Drag & Drop WordPress Form Builder Plugin <= 1.9.136 is vulnerable to Arbitrary File Upload

Software SurveyJS: Drag & Drop WordPress Form Builder Type Plugin Vulnerable versions = 1.9.136 Fixed in 1.12.4 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50427 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID 71e521e4a742 Credits...

9.9CVSS6.8AI score0.01015EPSS
Exploits1References2Affected Software1
NVD
NVDadded 2024/05/18 8:15 p.m.14 views

CVE-2024-36043

questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...

6.1CVSS5.7AI score0.0028EPSS
Exploits0References2
OSV
OSVadded 2024/05/18 8:15 p.m.14 views

CVE-2024-36043

questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...

6.1CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/05/18 7:24 p.m.11 views

CVE-2024-36043

questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...

5.9AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/05/18 7:24 p.m.30 views

CVE-2024-36043

questionimage.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property...

5.6AI score0.0028EPSS
Exploits0References2
CVE
CVEadded 2024/05/18 7:24 p.m.96 views

CVE-2024-36043

The CVE-2024-36043 issue affects SurveyJS Form Library prior to 1.10.4, where question_image.ts allows a contentMode=youtube XSS through the imageLink property. The documented impact is Cross Site Scripting via imageLink, requiring contentMode=youtube to exploit. Mitigation: upgrade to version 1....

6.1CVSS5.7AI score0.0028EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/05/18 12:0 a.m.5 views

PT-2024-26860 · Unknown · Surveyjs Form Library

Name of the Vulnerable Software and Affected Versions: SurveyJS Form Library versions prior to 1.10.4 Description: The issue allows for contentMode=youtube XSS via the imageLink property in the question image.ts file. This can lead to a potential XSS attack when the contentMode is set to youtube...

6.1CVSS6AI score0.0028EPSS
Exploits0References8
CNNVD
CNNVDadded 2024/05/18 12:0 a.m.5 views

SurveyJS Form Library 安全漏洞

SurveyJS Form Library is a free client-side component of SurveyJS open source using the MIT license. A security vulnerability exists in SurveyJS Form Library versions prior to 1.10.4 that stems from allowing cross-site scripting attacks via the imageLink attribute...

6.1CVSS6AI score0.0028EPSS
Exploits0References3
OSV
OSVadded 2024/03/21 6:33 a.m.9 views

GHSA-XGJ4-2HRF-J4XG Cross-site scripting in Survey Creator

Cross Site Scripting XSS vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form...

6.1CVSS6.1AI score0.00508EPSS
Exploits2References4
NVD
NVDadded 2024/03/21 4:15 a.m.11 views

CVE-2024-28635

Cross Site Scripting XSS vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form...

6.1CVSS5.9AI score0.00508EPSS
Exploits2References2
OSV
OSVadded 2024/03/21 4:15 a.m.4 views

CVE-2024-28635

Cross Site Scripting XSS vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form...

6.1CVSS6.4AI score
Exploits0References2
Cvelist
Cvelistadded 2024/03/21 12:0 a.m.17 views

CVE-2024-28635

Cross Site Scripting XSS vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form...

6.1AI score0.00508EPSS
Exploits2References2
CVE
CVEadded 2024/03/21 12:0 a.m.48 views

CVE-2024-28635

CVE-2024-28635 describes a Cross-Site Scripting (XSS) vulnerability in SurveyJS Survey Creator, version 1.9.132 and earlier, caused by improper handling of the title parameter in a form. The issue allows an attacker to execute arbitrary code and potentially access sensitive information via the fo...

6.1CVSS6.1AI score0.00508EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichmentadded 2024/03/21 12:0 a.m.8 views

CVE-2024-28635

Cross Site Scripting XSS vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form...

6.2AI score0.00508EPSS
Exploits2References2
Packet Storm
Packet Stormadded 2024/03/19 12:0 a.m.306 views

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

Details: Cross Site Scripting vulnerability in Survey JS Survey Creator v.1.9.132 and before allows an attacker to execute arbitrary code via the input field parameters of the creator survey section. ------------------------------------------ Vulnerability Type Cross Site Scripting XSS...

7.4AI score0.00508EPSS
Exploits2
Rows per page
Query Builder