Unknown · Formcreator · CVE-2023-33971
**Name of the Vulnerable Software and Affected Versions**
Formcreator versions 2.13.5 and prior
**Description**
A stored cross-site scripting (XSS) issue is present in the Formcreator plugin, potentially allowing arbitrary JavaScript code execution in an admin or tech context. The cause is the use of `##FULLFORM##` for rendering. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.
As a mitigation measure, using a regular expression to remove `<`, `>`, and `"` in all fields can help minimize the risk.
**Recommendations**
For Formcreator versions 2.13.5 and prior, as a temporary workaround, consider using a regular expression to remove `<`, `>`, and `"` in all fields to minimize the risk of exploitation.
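The workaround above, as an added example in PHP (the language GLPI plugins are written in). It is not Formcreator code: the function name `strip_markup_chars`, the field names and the sample answers are constructed for illustration, and where the filter is called from is left to the deployment.

```php
<?php
// Added example, not Formcreator code. Function name, field names and
// sample values are constructed for illustration.

/**
 * Remove <, > and " from every string in a (possibly nested) array of
 * submitted answers. Returns [cleaned answers, paths of altered fields].
 */
function strip_markup_chars(array $answers, string $prefix = ''): array
{
    $clean = [];
    $altered = [];
    foreach ($answers as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '.' . $key;
        if (is_array($value)) {
            // Multi-value fields: recurse and collect the nested paths.
            [$clean[$key], $nested] = strip_markup_chars($value, $path);
            $altered = array_merge($altered, $nested);
        } elseif (is_string($value)) {
            // preg_replace() returns null on a PCRE error; fail closed.
            $stripped = preg_replace('/[<>"]/', '', $value) ?? '';
            if ($stripped !== $value) {
                $altered[] = $path; // worth logging: markup was submitted
            }
            $clean[$key] = $stripped;
        } else {
            $clean[$key] = $value; // ints, bools, null pass through unchanged
        }
    }
    return [$clean, $altered];
}

// Constructed sample submission.
$submitted = [
    'title'       => 'Printer on floor 2 is offline',
    'description' => 'Details: <script>alert(1)</script>',
    'contact'     => ['name' => 'A. "Sam" User', 'extension' => 4021],
];

[$clean, $altered] = strip_markup_chars($submitted);
print_r($clean);
echo 'Altered fields: ' . implode(', ', $altered) . PHP_EOL;
```

The filter only affects values that pass through it, so answers stored before it was put in place need the same treatment. It also alters legitimate text, as the quoted nickname in the sample shows.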
At the moment, there is no information about a newer version that contains a fix for this vulnerability.