Vulnerability CVE-2024-36043
Published: 2024-05-18

Description:
question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.

 References:
https://github.com/surveyjs/survey-library/commit/b25fbf0efd4486dc55f836240bebc2305803b96d
https://github.com/surveyjs/survey-library/issues/8286
Copyright 2026, cxsecurity.com

 

Back to Top