Home > Vulnerability Database > CVE-2024-28635

Mend.io Vulnerability Database

CVE-2024-28635

Good to know:

Date: March 20, 2024

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

Language: TYPE_SCRIPT

Severity Score

6.1

Related Resources (4)

Url: https://github.com/surveyjs/survey-creator/issues/5285

Url: https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-28635

Url: https://www.mend.io/vulnerability-database/CVE-2024-28635

Severity Score

6.1

Top Fix

Upgrade Version

Upgrade to version survey-creator - 1.9.133

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-28635

Good to know:

Date: March 20, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?