PT-2022-16391 · Ws Form · Ws Form
Felipe Restrepo Rodriguez · Published 2022-02-28 · Updated 2022-03-08 · CVE-2022-23988
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
WS Form LITE and Pro versions prior to 1.8.176
Description
The issue allows an unauthenticated attacker to submit XSS payloads through unsanitized and unescaped form data. When a privileged user views the related submission, the XSS payload will be executed.
Recommendations
Update to version 1.8.176 or later to resolve the issue. As a temporary workaround, consider restricting privileged users' access to form submissions until the update is applied.
Exploit
Fix
XSS
Affected Products
Ws Form