CVE-2021-20103

Name of the Vulnerable Software and Affected Versions Machform versions prior to 16

Description The issue arises from insufficient sanitization of file attachments uploaded with forms through the upload.php endpoint. This allows for stored cross-site scripting attacks. The vulnerability in the upload.php function of the Machform form creation editor exists due to inadequate protection of the web page structure, potentially allowing a remote attacker to impact the confidentiality and integrity of protected information.

Recommendations For versions prior to 16, update to version 16 or later to resolve the issue. As a temporary workaround, consider restricting access to the upload.php endpoint to minimize the risk of exploitation. Avoid using file attachments in forms until the issue is resolved.