CVE-2021-20103
MachForm prior to version 16 is affected by a stored cross-site scripting vulnerability due to insufficient sanitization of file attachments uploaded with forms via upload.php. The root cause is inadequate validation/sanitization of attachments, allowing injected JavaScript to be stored and poten...