Cross-site scripting in Survey Creator

Severity:: Medium

Description

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

Recommendation

Update the survey-creator package to the latest compatible version. Followings are version details:

Affected version(s): < 1.9.133
Patched version(s): 1.9.133

References

GHSA-xgj4-2hrf-j4xg
packetstormsecurity.com
CVE-2024-28635
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

Slim Select has potential Cross-site Scripting issue - CVE-2024-9440
Cross-site scripting (XSS) in the clipboard package - CVE-2024-45613
Cross site scripting in markdown-to-jsx - CVE-2024-21535
VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability - CVE-2024-29271

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; survey-creator

Anything's wrong? Let us know Last updated on March 21, 2024