Vulnerability Description
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.
CVSS Score
6.1
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Devsoftbaltic | Survey-Creator | <= 1.9.132 |
Related Weaknesses (CWE)
References
- https://github.com/surveyjs/survey-creator/issues/5285ExploitIssue Tracking
- https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txtBroken Link
- https://github.com/surveyjs/survey-creator/issues/5285ExploitIssue Tracking
- https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txtBroken Link
FAQ
What is CVE-2024-28635?
CVE-2024-28635 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.
How severe is CVE-2024-28635?
CVE-2024-28635 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-28635?
Check the references section above for vendor advisories and patch information. Affected products include: Devsoftbaltic Survey-Creator.