Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
FormtoolsCore

3 matches found

CVE
CVEadded 2021/08/31 5:15 a.m.53 views

CVE-2021-38143

An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when t...

6.1CVSS6AI score0.01071EPSS
CVE
CVEadded 2021/08/31 5:15 a.m.49 views

CVE-2021-38144

An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS].

5.4CVSS5.2AI score0.00408EPSS
CVE
CVEadded 2021/08/31 5:15 a.m.40 views

CVE-2021-38145

An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&export_type_id=1.

9.8CVSS9.8AI score0.02767EPSS