
Janesjs

#43598 of 53,632
6.1 Total CVSS
Vulnerabilities · 1
PT-2024-26860
6.1
2024-05-18
Unknown · Surveyjs Form Library · CVE-2024-36043
**Name of the Vulnerable Software and Affected Versions**

SurveyJS Form Library versions prior to 1.10.4

**Description**

Cross-site scripting (XSS) is possible via the `imageLink` property in the `question_image.ts` file when `contentMode` is set to `youtube`.

**Recommendations**

Update to version 1.10.4 or later to resolve the issue. As a temporary workaround on versions prior to 1.10.4, consider restricting the use of the `imageLink` property in the `question_image.ts` file to minimize the risk of exploitation.