PT-2024-31714 · Unknown · Forminator
Yoshimitsu Kato
·
Published
2024-09-08
·
Updated
2024-09-10
·
CVE-2024-45625
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Forminator versions prior to 1.34.1
Description:
A cross-site scripting vulnerability exists in the software. If this issue is exploited, an arbitrary script may be executed on the web browser of the user who follows a crafted URL and accesses the webpage with the web form created by the software.
Recommendations:
For versions prior to 1.34.1, update to version 1.34.1 or later to resolve the issue. As a temporary workaround, consider restricting access to web forms created by the software until a patch is applied. Avoid using the software to create new web forms that could be exploited until the issue is resolved.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Forminator