Lucene search
K

22 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:12 a.m.8 views

CVE-2024-22722

Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...

7.2CVSS7.6AI score0.00885EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:12 a.m.12 views

CVE-2024-22721

Cross Site Request Forgery CSRF vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link...

6.3CVSS6.9AI score0.00188EPSS
Exploits1References1
NVD
NVD
added 2024/07/21 4:15 a.m.23 views

CVE-2024-6936

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code...

5.1CVSS0.00399EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/21 4:0 a.m.27 views

CVE-2024-6937 formtools.org Form Tools Import Option List edit.php curl_exec file inclusion

A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curlexec of the file /admin/forms/optionlists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion. It is possible to...

5.1CVSS0.00368EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/07/21 2:0 a.m.14 views

CVE-2024-6935 formtools.org Form Tools User Settings Page cross site scripting

A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has bee...

5.1CVSS6.2AI score0.00315EPSS
Exploits0References4
CVE
CVE
added 2024/07/21 2:0 a.m.54 views

CVE-2024-6935

Form Tools 3.1.1 is affected by a cross-site scripting vulnerability in the User Settings Page, specifically the /admin/clients/ file. The issue is triggered remotely and has publicly disclosed exploit details. Affected component/URL: /admin/clients/ within Form Tools 3.1.1. Root cause and exact ...

5.1CVSS3.6AI score0.00315EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/07/21 1:31 a.m.52 views

CVE-2024-6934

CVE-2024-6934 affects Form Tools 3.1.1 (Form Tools) with a cross-site scripting flaw in /admin/forms/add/step2.php?submission_type=direct caused by manipulation of the Form URL. Exploitation is possible remotely; multiple sources and PT Security confirm the vulnerability and note no known fix for...

5.1CVSS3.3AI score0.0039EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/04/11 8:15 p.m.21 views

CVE-2024-22722

Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...

7.2CVSS7.2AI score0.00885EPSS
Exploits2References1
NVD
NVD
added 2024/04/11 8:15 p.m.22 views

CVE-2024-22719

SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...

8.1CVSS7.9AI score0.00541EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/11 12:0 a.m.9 views

CVE-2024-22718

Cross Site Scripting XSS vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the clientid parameter in the application URL...

6.2AI score0.00657EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/04/11 12:0 a.m.18 views

CVE-2024-22722

Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...

7.2AI score0.00885EPSS
Exploits2References1
CVE
CVE
added 2024/04/11 12:0 a.m.83 views

CVE-2024-22718

CVE-2024-22718 is an XSS in Form Tools 3.1.1 via the client_id parameter in the application URL. Multiple sources (NVD/Red Hat/CNNVD/CVELIST) confirm a high-severity vulnerability with CVSS v3.1: base score 9.6 (CRITICAL, AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). The Red Hat entry and other issuances...

9.6CVSS6.2AI score0.00657EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/04/11 12:0 a.m.57 views

CVE-2024-22721

Form Tools 3.1.1 suffers a Cross Site Request Forgery (CSRF) vulnerability that lets an attacker manipulate sensitive user data through a crafted link. Root cause: CSRF flaw in the application’s handling of requests. Impact: unauthorized modification of user data. Exploitation details are not ful...

6.3CVSS6.8AI score0.00188EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/11 12:0 a.m.16 views

CVE-2024-22721

Cross Site Request Forgery CSRF vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link...

6.9AI score0.00188EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/04/11 12:0 a.m.33 views

CVE-2024-22722

Server Side Template Injection SSTI vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application...

7.4AI score0.00885EPSS
Exploits2References1
CVE
CVE
added 2024/04/11 12:0 a.m.49 views

CVE-2024-22717

CVE-2024-22717 concerns a Cross Site Scripting (XSS) vulnerability in Form Tools version 3.1.1, enabling attackers to run arbitrary code via the First Name field in the application. The Red Hat, NVD, CVE lists consistently describe a client-side script execution risk stemming from this input fiel...

6.1CVSS6.2AI score0.0037EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/04/11 12:0 a.m.18 views

CVE-2024-22717

Cross Site Scripting XSS vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application...

6.1AI score0.0037EPSS
Exploits1References1
CVE
CVE
added 2024/04/11 12:0 a.m.96 views

CVE-2024-22722

CVE-2024-22722 is a Server-Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1. Affected component is the form-creation workflow, specifically the Group Name field under Add Forms, where SSTI can lead to arbitrary command execution. Publicly available exploit(s) exist: a GitHub proje...

7.2CVSS7.4AI score0.00885EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/04/11 12:0 a.m.15 views

CVE-2024-22719

SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client...

8.3AI score0.00541EPSS
Exploits1References1
CVE
CVE
added 2024/04/11 12:0 a.m.57 views

CVE-2024-22719

CVE-2024-22719 describes an SQL injection in Form Tools 3.1.1 triggered by the keyword parameter during client search, enabling arbitrary SQL execution. Affected: Form Tools 3.1.1; root cause: unsanitized input in search; impact: high confidentiality/ integrity, CVSS v3.1 base = 8.1. Remediation:...

8.1CVSS8.2AI score0.00541EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder