CVE-2024-28635

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-28635
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28635.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-28635
Aliases
Published
2024-03-21T04:15:09.373Z
Modified
2026-04-10T05:15:08.711622Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

References

Affected packages

Git / github.com/surveyjs/survey-creator

Affected ranges

Type
GIT
Repo
https://github.com/surveyjs/survey-creator
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
0b4a1ad3d1c2bcf198f9e21cab6fabbee3f35b10
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.9.132"
        }
    ]
}

Affected versions

0.*
0.10.0
0.10.2
0.10.3
0.10.4
0.9.12
v0.*
v0.11.1
v0.12.0
v0.12.10
v0.12.12
v0.12.13
v0.12.18
v0.12.19
v0.12.20
v0.12.22
v0.12.23
v0.12.27
v0.12.28
v0.12.29
v0.12.32
v0.12.4
v0.12.6
v0.12.9
v0.9.10
v0.96.1
v0.96.2
v0.96.3
v0.97.0
v0.98.0
v0.98.1
v0.98.2
v0.98.7
v1.*
v1.0.1
v1.0.11
v1.0.15
v1.0.16
v1.0.17
v1.0.18
v1.0.19
v1.0.2
v1.0.20
v1.0.21
v1.0.22
v1.0.24
v1.0.26
v1.0.27
v1.0.28
v1.0.29
v1.0.3
v1.0.30
v1.0.31
v1.0.32
v1.0.35
v1.0.36
v1.0.37
v1.0.38
v1.0.4
v1.0.40
v1.0.43
v1.0.44
v1.0.45
v1.0.46
v1.0.47
v1.0.49
v1.0.5
v1.0.50
v1.0.51
v1.0.52
v1.0.53
v1.0.54
v1.0.55
v1.0.6
v1.0.61
v1.0.62
v1.0.63
v1.0.65
v1.0.67
v1.0.69
v1.0.72
v1.0.73
v1.0.74
v1.0.75
v1.0.78
v1.0.81
v1.0.82
v1.0.83
v1.0.85
v1.0.86
v1.0.87
v1.0.88
v1.0.9
v1.0.92
v1.0.95
v1.1.12
v1.1.13
v1.1.14
v1.1.16
v1.5.0
v1.5.1
v1.5.10
v1.5.11
v1.5.19
v1.5.3
v1.5.4
v1.5.5
v1.5.6
v1.5.9
v1.7.10
v1.7.15
v1.7.17
v1.7.18
v1.7.19
v1.7.24
v1.7.5
v1.8.1
v1.8.10
v1.8.11
v1.8.12
v1.8.43
v1.8.44
v1.8.46
v1.8.48
v1.8.49
v1.8.50
v1.8.51
v1.8.52
v1.8.53
v1.8.54
v1.8.56
v1.8.57
v1.8.58
v1.8.59
v1.8.64
v1.8.65
v1.8.66
v1.8.67
v1.8.68
v1.8.69
v1.8.7
v1.8.70
v1.8.71
v1.8.72
v1.8.73
v1.8.74
v1.8.75
v1.8.76
v1.8.77
v1.8.78
v1.8.79
v1.8.8
v1.9.0
v1.9.1
v1.9.10
v1.9.100
v1.9.101
v1.9.103
v1.9.104
v1.9.105
v1.9.106
v1.9.108
v1.9.109
v1.9.11
v1.9.110
v1.9.111
v1.9.113
v1.9.114
v1.9.115
v1.9.116
v1.9.117
v1.9.119
v1.9.120
v1.9.121
v1.9.122
v1.9.123
v1.9.124
v1.9.125
v1.9.126
v1.9.127
v1.9.128
v1.9.129
v1.9.13
v1.9.130
v1.9.131
v1.9.132
v1.9.14
v1.9.15
v1.9.16
v1.9.17
v1.9.18
v1.9.19
v1.9.2
v1.9.20
v1.9.21
v1.9.22
v1.9.23
v1.9.24
v1.9.25
v1.9.26
v1.9.27
v1.9.28
v1.9.29
v1.9.3
v1.9.31
v1.9.32
v1.9.33
v1.9.34
v1.9.35
v1.9.36
v1.9.37
v1.9.38
v1.9.39
v1.9.40
v1.9.41
v1.9.42
v1.9.43
v1.9.44
v1.9.45
v1.9.46
v1.9.47
v1.9.48
v1.9.49
v1.9.5
v1.9.50
v1.9.51
v1.9.52
v1.9.53
v1.9.54
v1.9.55
v1.9.56
v1.9.57
v1.9.58
v1.9.59
v1.9.6
v1.9.60
v1.9.61
v1.9.62
v1.9.65
v1.9.66
v1.9.68
v1.9.69
v1.9.7
v1.9.71
v1.9.71-31-g828ef9f53
v1.9.72
v1.9.74
v1.9.77
v1.9.78
v1.9.79
v1.9.8
v1.9.80
v1.9.81
v1.9.82
v1.9.83
v1.9.84
v1.9.85
v1.9.86
v1.9.87
v1.9.88
v1.9.89
v1.9.9
v1.9.93
v1.9.94
v1.9.95
v1.9.96
v1.9.97
v1.9.98
v1.9.99

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-28635.json"