Description
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.
Recommendation
Update the survey-creator package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.9.133
- Patched version(s): 1.9.133
References
Related Issues
- pg-promise SQL Injection vulnerability - CVE-2025-29744
- njwt Prototype Pollution vulnerability - CVE-2024-34273
- Elliptic allows BER-encoded signatures - CVE-2024-42461
- ejs lacks certain pollution protection - CVE-2024-33883
- Tags:
- npm
- survey-creator
Anything's wrong? Let us know Last updated on March 21, 2024