SurveyJS Survey Creator versions 1.9.132 and below suffer from both reflected and persistent cross-site scripting vulnerabilities.
2c4b91b7d1d00b6f2ac89af364e77b2b0d2b76306c60a890dee33e814441c2dc
Details:
A cross-site scripting vulnerability in SurveyJS Survey Creator v1.9.132
and before allows an attacker to execute arbitrary code via the input field
parameters of the creator survey section.
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
SurveyJS
------------------------------------------
[Affected Product Code Base]
Survey Creator - v1.9.132 and before
------------------------------------------
[Affected Component]
Every input field of the creator survey section is vulnerable to reflected
and stored cross-site scripting.
------------------------------------------
[Attack Type]
Context-dependent
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
some XSS filter evasion
------------------------------------------
[Reference]
https://github.com/surveyjs/survey-creator/issues/5285
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Jettapol Pumwattanakul
------------------------------------------
[CVE]
CVE-2024-28635
#Proof of concept
Insert
[>"><img src="x:x" onerror="alert(document.cookie)">]
into the application's input fields to trigger reflected cross-site scripting.
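
To check whether a project pulls in an affected release (1.9.132 and before, per the Affected Product Code Base field above), the following added example, which is not part of the original advisory or of SurveyJS, scans a parsed package-lock.json (lockfileVersion 2 or 3). It assumes the Creator is installed from npm under package names beginning with survey-creator; the lockfile fragment is constructed.

```javascript
// Added example: flag Survey Creator packages at or below the affected version.
const AFFECTED_MAX = "1.9.132";        // from the advisory: 1.9.132 and before
const NAME_PREFIX = "survey-creator";  // assumption: npm package naming

// Parse "major.minor.patch"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison: returns -1, 0 or 1 for a < b, a == b, a > b.
// A plain string compare would wrongly rank 1.9.90 above 1.9.132.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile's "packages" map and list every installed copy of a
// matching package, including copies nested under other dependencies.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    if (!name.startsWith(NAME_PREFIX) || !parseVersion(meta.version)) continue;
    if (compareVersions(meta.version, AFFECTED_MAX) <= 0) {
      hits.push({ path, name, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile fragment, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.1.0" },
    "node_modules/survey-creator-core": { version: "1.9.131" },
    "node_modules/survey-creator-react": { version: "1.9.132" },
    "node_modules/legacy/node_modules/survey-creator-core": { version: "1.9.90" },
    "node_modules/other/node_modules/survey-creator-core": { version: "1.10.2" },
    "node_modules/survey-core": { version: "1.9.100" },
  },
};

console.log(findAffected(sampleLock));
```

For a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffected` instead of the sample object.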