CVE-2024-28635 – survey-creator

Package

Manager: npm
Name: survey-creator
Vulnerable Version: >=0 <1.9.133

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00093 pctl0.27153

Details

Cross-site scripting in Survey Creator Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

Metadata

Created: 2024-03-21T06:33:04Z
Modified: 2024-03-21T18:58:33Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-xgj4-2hrf-j4xg/GHSA-xgj4-2hrf-j4xg.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-xgj4-2hrf-j4xg
Finding: F008
Auto approve: 1