CVE-2024-22637

Name of the Vulnerable Software and Affected Versions Form Tools version 3.1.1

Description A reflected cross-site scripting (XSS) issue was discovered in Form Tools. The vulnerability is exploited via the /form builder/preview.php API endpoint, specifically when the form id parameter is used, such as /form builder/preview.php?form id=2. This allows an attacker to inject malicious scripts into the website.

Recommendations For Form Tools version 3.1.1, as a temporary workaround, consider restricting access to the /form builder/preview.php endpoint until a patch is available. Avoid using the form id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.