CVE-2024-28635

MEDIUM

SurveyJS Survey Creator < 1.9.132 - Cross-Site Scripting via Form Title Parameter

Title source: llm

Description

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

References (2)

Core 2

Core References

Exploit, Issue Tracking

https://github.com/surveyjs/survey-creator/issues/5285

Broken Link

https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt

Scores

CVSS v3 6.1

EPSS 0.0012

EPSS Percentile 30.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

devsoftbaltic/survey-creator < 1.9.132

npm/survey-creator 0 - 1.9.133npm

Published Mar 21, 2024

Tracked Since Feb 18, 2026