CVE-2024-36043
Published
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.
SurveyJS is an open-source JavaScript form builder library that allows developers to create dynamic forms, multi-step form wizards, and survey applications. It supports React, Angular, and Vue.js (Vue 3), and can also be used in applications built with plain JavaScript.
GitHub