PT-2024-19285 · Terminalfour · Formbank+1

Published: 2024-02-21 · Updated: 2025-05-08 · CVE-2024-22220

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Terminalfour versions 7.4 through 7.4.0004 QP3
Terminalfour versions 8 through 8.3.19
Formbank versions through 2.1.10-FINAL

Description

An issue allows Unauthenticated Stored Cross-Site Scripting, potentially leading to Admin Session Hijacking. The attack vectors are the Form Builder and Form Preview.

Recommendations

For Terminalfour versions 7.4 through 7.4.0004 QP3, update to a version outside of this range to mitigate the risk.
For Terminalfour versions 8 through 8.3.19, update to a version outside of this range to mitigate the risk.
For Formbank versions through 2.1.10-FINAL, update to a version later than 2.1.10-FINAL to resolve the issue.
As a temporary workaround, consider restricting access to the Form Builder and Form Preview features until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-22220

Affected Products

Formbank
Terminalfour