PT-2024-19537 · Unknown · Form Tools
Published 2024-04-11 · Updated 2024-04-12 · CVE-2024-22718
CVSS v3.1: 9.6 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Form Tools version 3.1.1
Description
A Cross Site Scripting (XSS) issue allows attackers to run arbitrary code via the client id parameter in the application URL. This enables attackers to potentially execute malicious scripts on the client-side.
Recommendations
For Form Tools version 3.1.1, consider restricting access to the client id parameter in the application URL as a temporary workaround until a patch is available. Avoid using the client id parameter in the affected URL until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Form Tools