SurveyJS Survey Creator 1.9.132 Cross Site Scripting

SurveyJS Survey Creator 1.9.132 Cross Site Scripting: Posted Mar 19, 2024; Authored by Jettapol Pumwattanakul; SurveyJS Survey Creator versions 1.9.132 and below suffer from both reflective and persistent cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2024-28635; SHA-256 | 2c4b91b7d1d00b6f2ac89af364e77b2b0d2b76306c60a890dee33e814441c2dc; Download | Favorite | View

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

Details:

Cross Site Scripting vulnerability in Survey JS Survey Creator v.1.9.132
and before allows an attacker to execute arbitrary code via the input field
parameters of the creator survey section.

 ------------------------------------------

 [Vulnerability Type]
 Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]
SurveyJS

------------------------------------------
[Affected Product Code Base]
Survey Creator - v1.9.132 and before

------------------------------------------
[Affected Component]
In every input field of creator survey section vulnerable to reflected and
stored cross-site scripting.

------------------------------------------
[Attack Type]
Context-dependent

------------------------------------------
[Impact Code execution]
true

------------------------------------------
[Impact Information Disclosure]
true

------------------------------------------
[Attack Vectors]
some XSS filter evasion

------------------------------------------
[Reference]
https://github.com/surveyjs/survey-creator/issues/5285

------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------
[Discoverer]
Jettapol Pumwattanakul

Use CVE-2024-28635

#Proof of concept
Insert
[>"><img src="x:x" onerror="alert(document.cookie)">]
in input fields application reflected cross-site scripting.

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

Share This

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems