A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271989 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/DeepMountains/Mirage/blob/main/CVE-2.md | Broken Link |
https://vuldb.com/?ctiid.271989 | Permissions Required |
https://vuldb.com/?id.271989 | Third Party Advisory |
https://vuldb.com/?submit.372309 | Third Party Advisory |
Configurations
History
10 Sep 2024, 20:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 4.8 |
References | () https://github.com/DeepMountains/Mirage/blob/main/CVE-2.md - Broken Link | |
References | () https://vuldb.com/?ctiid.271989 - Permissions Required | |
References | () https://vuldb.com/?id.271989 - Third Party Advisory | |
References | () https://vuldb.com/?submit.372309 - Third Party Advisory | |
First Time |
Formtools
Formtools form Tools |
|
CPE | cpe:2.3:a:formtools:form_tools:3.1.1:*:*:*:*:*:*:* |
22 Jul 2024, 13:00
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
21 Jul 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-21 02:15
Updated : 2024-09-10 20:22
NVD link : CVE-2024-6934
Mitre link : CVE-2024-6934
CVE.ORG link : CVE-2024-6934
JSON object : View
Products Affected
formtools
- form_tools
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')