Moderate severityNVD Advisory· Published Mar 21, 2024· Updated Aug 2, 2024

CVE-2024-28635

Description

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
survey-creatornpm	< 1.9.133	1.9.133

Affected products

SurveyJS/Survey Creatordescription
ghsa-coords
pkg:npm/survey-creator
Range: < 1.9.133

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-xgj4-2hrf-j4xgghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-28635ghsaADVISORY
github.com/surveyjs/survey-creator/issues/5285ghsaWEB
packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txtghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000