CVE-2024-36043 Information

Description

question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property.

Reference

https://github.com/surveyjs/survey-library/commit/b25fbf0efd4486dc55f836240bebc2305803b96d https://github.com/surveyjs/survey-library/issues/8286