CVE-2024-36043

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36043

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36043.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36043

Published

2024-05-18T20:15:15.903Z

Modified

2026-04-10T05:17:56.368765Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.

References

Affected packages

Git / github.com/surveyjs/survey-library

Affected ranges

Type

GIT

Repo

https://github.com/surveyjs/survey-library

Events

Introduced

Fixed

a07d2fc632cda596ce7f8ea2837c701b669e80fb

Fixed

b25fbf0efd4486dc55f836240bebc2305803b96d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.10.4"
        }
    ]
}

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.12.29

0.7

0.9.10

0.9.11

0.9.12

0.9.8

0.9.9

Other

travis_builds

v0.*

v0.12.0

v0.12.1

v0.12.10

v0.12.11

v0.12.17

v0.12.18

v0.12.19

v0.12.2

v0.12.21

v0.12.23

v0.12.25

v0.12.29

v0.12.3

v0.12.6

v0.12.9

v0.96.1

v0.96.3

v0.98.1

v0.98.2

v0.98.3

v0.98.4

v0.98.7

v012.*

v012.0

v1.*

v1.0.10

v1.0.12

v1.0.13

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.20

v1.0.21

v1.0.26

v1.0.27

v1.0.28

v1.0.29

v1.0.3

v1.0.30

v1.0.31

v1.0.33

v1.0.34

v1.0.35

v1.0.43

v1.0.44

v1.0.45

v1.0.46

v1.0.47

v1.0.48

v1.0.49

v1.0.51

v1.0.52

v1.0.53

v1.0.54

v1.0.55

v1.0.56

v1.0.58

v1.0.61

v1.0.62

v1.0.63

v1.0.64

v1.0.65

v1.0.67

v1.0.69

v1.0.72

v1.0.75

v1.0.77

v1.0.82

v1.0.83

v1.0.86

v1.0.9

v1.0.93

v1.0.94

v1.0.97

v1.0.98

v1.1.13

v1.1.17

v1.1.18

v1.1.19

v1.1.20

v1.1.21

v1.1.22

v1.1.25

v1.1.27

v1.1.28

v1.1.29

v1.1.30

v1.1.31

v1.10.1

v1.10.2

v1.10.3

v1.5.0

v1.5.1

v1.5.10

v1.5.13

v1.5.15

v1.5.19

v1.5.20

v1.5.3

v1.5.4

v1.5.6

v1.7.1

v1.7.12

v1.7.16

v1.7.19

v1.7.28

v1.7.3

v1.7.6

v1.7.7

v1.8.1

v1.8.11

v1.8.29

v1.8.3

v1.8.30

v1.8.33

v1.8.34

v1.8.39

v1.8.40

v1.8.45

v1.8.49

v1.8.50

v1.8.51

v1.8.52

v1.8.53

v1.8.54

v1.8.55

v1.8.56

v1.8.57

v1.8.58

v1.8.59

v1.8.61

v1.8.62

v1.8.63

v1.8.64

v1.8.65

v1.8.66

v1.8.67

v1.8.68

v1.8.69

v1.8.70

v1.8.71

v1.8.72

v1.8.73

v1.8.74

v1.8.75

v1.8.77

v1.8.78

v1.8.79

v1.9.0

v1.9.1

v1.9.10

v1.9.100

v1.9.101

v1.9.103

v1.9.104

v1.9.105

v1.9.106

v1.9.107

v1.9.108

v1.9.109

v1.9.11

v1.9.110

v1.9.111

v1.9.112

v1.9.113

v1.9.114

v1.9.115

v1.9.116

v1.9.117

v1.9.118

v1.9.119

v1.9.12

v1.9.120

v1.9.121

v1.9.122

v1.9.123

v1.9.124

v1.9.125

v1.9.126

v1.9.127

v1.9.128

v1.9.131

v1.9.132

v1.9.133

v1.9.135

v1.9.136

v1.9.137

v1.9.138

v1.9.139

v1.9.14

v1.9.15

v1.9.16

v1.9.17

v1.9.18

v1.9.19

v1.9.2

v1.9.20

v1.9.21

v1.9.22

v1.9.23

v1.9.24

v1.9.25

v1.9.26

v1.9.27

v1.9.28

v1.9.3

v1.9.30

v1.9.31

v1.9.32

v1.9.33

v1.9.34

v1.9.35

v1.9.36

v1.9.37

v1.9.39

v1.9.4

v1.9.40

v1.9.41

v1.9.42

v1.9.43

v1.9.44

v1.9.45

v1.9.46

v1.9.47

v1.9.48

v1.9.49

v1.9.5

v1.9.50

v1.9.51

v1.9.52

v1.9.54

v1.9.55

v1.9.56

v1.9.57

v1.9.58

v1.9.59

v1.9.6

v1.9.60

v1.9.61

v1.9.62

v1.9.63

v1.9.64

v1.9.65

v1.9.67

v1.9.68

v1.9.69

v1.9.7

v1.9.70

v1.9.71-31-g828ef9f53

v1.9.74

v1.9.75

v1.9.76

v1.9.77

v1.9.78

v1.9.79

v1.9.8

v1.9.80

v1.9.81

v1.9.82

v1.9.83

v1.9.84

v1.9.85

v1.9.86

v1.9.87

v1.9.88

v1.9.89

v1.9.9

v1.9.90

v1.9.91

v1.9.92

v1.9.93

v1.9.94

v1.9.95

v1.9.96

v1.9.97

v1.9.98

v1.9.99

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36043.json"