CVE-2021-38143

CVE-2021-38143 (Form Tools) affects Form Tools up to version 3.0.20. An issue allows stored XSS: when an administrator creates a customer account, the customer can log in and change the name/last name fields; these fields are vulnerable to XSS payload insertion and the attack is triggered in the ...

CVE-2021-38144

Form Tools up to version 3.0.20 contains a cross‑site scripting (XSS) vulnerability that can be triggered via the submission_id parameter when viewing a form (e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS]). The issue is described as Reflected XSS in the CVE descr...

CVE-2021-38145

The CVE-2021-38145 entry applies to Form Tools up to version 3.0.20, where a SQL injection is possible via the export_group_id parameter when a low-privilege user attempts to export a form containing data (e.g., via modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&ex...