ZSA-2021-04

Date: 2021-03-10
Affected: all versions of the Survey addon before 6.0.21
Severity: low
CVE: CVE-2021-21434

This issue was first reported by:

https://rayhan0x01.github.io/about.html

and later via pull request by:

https://github.com/znuny/Survey/pull/2

We thank both of you!

There is a XSS vulnerability in the Survey module, which can used to extract information via JavaScript.
The issue is fixed in the current release 6.0.21 which is available via the package manager or on our
downloads server.