What is GHSA-xgj4-2hrf-j4xg?

GHSA-xgj4-2hrf-j4xg is a security advisory published by GitHub Security Advisories with Medium severity. Cross-site scripting in Survey Creator

Which CVE IDs does GHSA-xgj4-2hrf-j4xg cover?

GHSA-xgj4-2hrf-j4xg covers the following CVE IDs: CVE-2024-28635. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-xgj4-2hrf-j4xg?

GHSA-xgj4-2hrf-j4xg has a CVSS v3 base score of 6.1, published by GitHub Security Advisories.

Which products are affected by GHSA-xgj4-2hrf-j4xg?

GHSA-xgj4-2hrf-j4xg affects 1 product, including: npm/survey-creator:\u003c 1.9.133.

GHSA-xgj4-2hrf-j4xgMediumCVSS 6.1

Cross-site scripting in Survey Creator

Vendor

GitHub Security Advisories

Published

March 21, 2024

Last Modified

June 11, 2026

🔗 CVE IDs covered (1)

CVE-2024-28635 →

📋 Description

Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.

🎯 Affected products1

npm/survey-creator:< 1.9.133

🔗 References (4)

https://nvd.nist.gov/vuln/detail/CVE-2024-28635
https://github.com/surveyjs/survey-creator/issues/5285
https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt
https://github.com/advisories/GHSA-xgj4-2hrf-j4xg