CVE-2024-28635

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.
Configurations

No configuration.

History

21 Nov 2024, 09:06

Type Values Removed Values Added
References () https://github.com/surveyjs/survey-creator/issues/5285 - () https://github.com/surveyjs/survey-creator/issues/5285 -
References () https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt - () https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt -

02 Aug 2024, 16:35

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
Summary
  • (es) Vulnerabilidad de Cross Site Scripting (XSS) en SurveyJS Survey Creator v.1.9.132 y anteriores, permite a los atacantes ejecutar código arbitrario y obtener información confidencial a través del parámetro de título en el formulario.

21 Mar 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-03-21 04:15

Updated : 2024-11-21 09:06


NVD link : CVE-2024-28635

Mitre link : CVE-2024-28635

CVE.ORG link : CVE-2024-28635


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')