Back

CVE-2024-36043

May 18, 2024, 8:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

SurveyJS Form Library

  • before 1.10.4

Source

cve@mitre.org

Tags

cve@mitre.org
2024-05-18
CVE-2024-36043

CVE-2024-36043 details

Published : May 18, 2024, 8:15 p.m.
Last Modified : May 18, 2024, 8:15 p.m.

Description

question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://github.com/surveyjs/survey-library/commit/b25fbf0efd4486dc55f836240bebc2305803b96d cve@mitre.org
https://github.com/surveyjs/survey-library/issues/8286 cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.