In CiviCampaign, the "Survey" functionality includes a field that may be vulnerable to cross-site scripting (XSS).
CiviCRM version 5.64.3 and earlier
CiviCRM version 5.64.4, 5.65.0 and 5.63.4 (ESR)
Upgrade to the fixed version of CiviCRM
Ranjit Pahan for reporting the issue
Seamus Lee of JMA Consulting for fixing the issue