CVE-2024-36043

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-36043

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36043.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-36043

Published

2024-05-18T20:15:15.903Z

Modified

2025-11-20T12:26:47.161997Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.

References

Affected packages

Git / github.com/surveyjs/survey-library

Affected ranges

Type: GIT
Repo: https://github.com/surveyjs/survey-library
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b25fbf0efd4486dc55f836240bebc2305803b96d

Affected versions

0.*

0.10.0

0.10.1

0.10.2

0.10.3

0.10.4

0.11

0.12.29

0.7

0.9.10

0.9.11

0.9.12

0.9.8

0.9.9

Other

travis_builds

v0.*

v0.11.1

v0.12.0

v0.12.1

v0.12.10

v0.12.11

v0.12.12

v0.12.13

v0.12.14

v0.12.15

v0.12.16

v0.12.17

v0.12.18

v0.12.19

v0.12.2

v0.12.20

v0.12.21

v0.12.22

v0.12.23

v0.12.24

v0.12.25

v0.12.26

v0.12.27

v0.12.28

v0.12.29

v0.12.3

v0.12.30

v0.12.31

v0.12.32

v0.12.33

v0.12.34

v0.12.35

v0.12.36

v0.12.4

v0.12.5

v0.12.6

v0.12.7

v0.12.8

v0.12.9

v0.95.0

v0.96.0

v0.96.1

v0.96.2

v0.96.3

v0.97.0

v0.98.0

v0.98.1

v0.98.2

v0.98.3

v0.98.4

v0.98.5

v0.98.6

v0.98.7

v012.*

v012.0

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.11

v1.0.12

v1.0.13

v1.0.14

v1.0.15

v1.0.16

v1.0.17

v1.0.18

v1.0.19

v1.0.2

v1.0.20

v1.0.21

v1.0.22

v1.0.23

v1.0.24

v1.0.25

v1.0.26

v1.0.27

v1.0.28

v1.0.29

v1.0.3

v1.0.30

v1.0.31

v1.0.32

v1.0.33

v1.0.34

v1.0.35

v1.0.37

v1.0.38

v1.0.39

v1.0.4

v1.0.40

v1.0.41

v1.0.42

v1.0.43

v1.0.44

v1.0.45

v1.0.46

v1.0.47

v1.0.48

v1.0.49

v1.0.5

v1.0.50

v1.0.51

v1.0.52

v1.0.53

v1.0.54

v1.0.55

v1.0.56

v1.0.57

v1.0.58

v1.0.59

v1.0.6

v1.0.60

v1.0.61

v1.0.62

v1.0.63

v1.0.64

v1.0.65

v1.0.66

v1.0.67

v1.0.68

v1.0.69

v1.0.7

v1.0.70

v1.0.71

v1.0.72

v1.0.73

v1.0.74

v1.0.75

v1.0.76

v1.0.77

v1.0.78

v1.0.79

v1.0.8

v1.0.80

v1.0.81

v1.0.82

v1.0.83

v1.0.84

v1.0.85

v1.0.86

v1.0.87

v1.0.88

v1.0.89

v1.0.9

v1.0.90

v1.0.91

v1.0.92

v1.0.93

v1.0.94

v1.0.95

v1.0.96

v1.0.97

v1.0.98

v1.0.99

v1.1.0

v1.1.1

v1.1.10

v1.1.11

v1.1.12

v1.1.13

v1.1.14

v1.1.15

v1.1.16

v1.1.17

v1.1.18

v1.1.19

v1.1.2

v1.1.20

v1.1.21

v1.1.22

v1.1.23

v1.1.24

v1.1.25

v1.1.26

v1.1.27

v1.1.28

v1.1.29

v1.1.3

v1.1.30

v1.1.31

v1.1.32

v1.1.33

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.1.8

v1.1.9

v1.10.1

v1.10.2

v1.10.3

v1.5.0

v1.5.1

v1.5.10

v1.5.11

v1.5.12

v1.5.13

v1.5.14

v1.5.15

v1.5.16

v1.5.17

v1.5.18

v1.5.19

v1.5.2

v1.5.20

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.5.9

v1.7.1

v1.7.10

v1.7.11

v1.7.12

v1.7.13

v1.7.14

v1.7.15

v1.7.16

v1.7.17

v1.7.18

v1.7.19

v1.7.2

v1.7.20

v1.7.21

v1.7.22

v1.7.23

v1.7.24

v1.7.25

v1.7.26

v1.7.27

v1.7.28

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8.0

v1.8.1

v1.8.10

v1.8.11

v1.8.12

v1.8.13

v1.8.14

v1.8.16

v1.8.17

v1.8.18

v1.8.19

v1.8.2

v1.8.20

v1.8.21

v1.8.22

v1.8.23

v1.8.24

v1.8.25

v1.8.26

v1.8.27

v1.8.28

v1.8.29

v1.8.3

v1.8.30

v1.8.31

v1.8.32

v1.8.33

v1.8.34

v1.8.35

v1.8.36

v1.8.37

v1.8.38

v1.8.39

v1.8.4

v1.8.40

v1.8.41

v1.8.42

v1.8.43

v1.8.44

v1.8.45

v1.8.46

v1.8.47

v1.8.49

v1.8.5

v1.8.50

v1.8.51

v1.8.52

v1.8.53

v1.8.54

v1.8.55

v1.8.56

v1.8.57

v1.8.58

v1.8.59

v1.8.6

v1.8.60

v1.8.61

v1.8.62

v1.8.63

v1.8.64

v1.8.65

v1.8.66

v1.8.67

v1.8.68

v1.8.69

v1.8.7

v1.8.70

v1.8.71

v1.8.72

v1.8.73

v1.8.74

v1.8.75

v1.8.76

v1.8.77

v1.8.78

v1.8.79

v1.8.8

v1.8.9

v1.9.0

v1.9.1

v1.9.10

v1.9.100

v1.9.101

v1.9.102

v1.9.103

v1.9.104

v1.9.105

v1.9.106

v1.9.107

v1.9.108

v1.9.109

v1.9.11

v1.9.110

v1.9.111

v1.9.112

v1.9.113

v1.9.114

v1.9.115

v1.9.116

v1.9.117

v1.9.118

v1.9.119

v1.9.12

v1.9.120

v1.9.121

v1.9.122

v1.9.123

v1.9.124

v1.9.125

v1.9.126

v1.9.127

v1.9.128

v1.9.129

v1.9.13

v1.9.130

v1.9.131

v1.9.132

v1.9.133

v1.9.134

v1.9.135

v1.9.136

v1.9.137

v1.9.138

v1.9.139

v1.9.14

v1.9.15

v1.9.16

v1.9.17

v1.9.18

v1.9.19

v1.9.2

v1.9.20

v1.9.21

v1.9.22

v1.9.23

v1.9.24

v1.9.25

v1.9.26

v1.9.27

v1.9.28

v1.9.29

v1.9.3

v1.9.30

v1.9.31

v1.9.32

v1.9.33

v1.9.34

v1.9.35

v1.9.36

v1.9.37

v1.9.38

v1.9.39

v1.9.4

v1.9.40

v1.9.41

v1.9.42

v1.9.43

v1.9.44

v1.9.45

v1.9.46

v1.9.47

v1.9.48

v1.9.49

v1.9.5

v1.9.50

v1.9.51

v1.9.52

v1.9.53

v1.9.54

v1.9.55

v1.9.56

v1.9.57

v1.9.58

v1.9.59

v1.9.6

v1.9.60

v1.9.61

v1.9.62

v1.9.63

v1.9.64

v1.9.65

v1.9.66

v1.9.67

v1.9.68

v1.9.69

v1.9.7

v1.9.70

v1.9.71

v1.9.71-31-g828ef9f53

v1.9.74

v1.9.75

v1.9.76

v1.9.77

v1.9.78

v1.9.79

v1.9.8

v1.9.80

v1.9.81

v1.9.82

v1.9.83

v1.9.84

v1.9.85

v1.9.86

v1.9.87

v1.9.88

v1.9.89

v1.9.9

v1.9.90

v1.9.91

v1.9.92

v1.9.93

v1.9.94

v1.9.95

v1.9.96

v1.9.97

v1.9.98

v1.9.99

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-36043.json"