Cross-site scripting in Survey Creator

GHSA-xgj4-2hrf-j4xg · CVE-2024-28635

Published Mar 21, 2024 · Modified Jun 11, 2026

Description

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-28635
WEB https://github.com/surveyjs/survey-creator/issues/5285
PACKAGE https://github.com/surveyjs/survey-creator
WEB https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes