Description
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.
Recommendation
Update the survey-creator package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.9.133
- Patched version(s): 1.9.133
References
Related Issues
- Elliptic allows BER-encoded signatures - CVE-2024-42461
- crypto-js uses insecure random numbers - CVE-2020-36732
- njwt Prototype Pollution vulnerability - CVE-2024-34273
- ejs lacks certain pollution protection - CVE-2024-33883
- Tags:
- npm
- survey-creator
Anything's wrong? Let us know Last updated on March 21, 2024