CVE Tools

formtools

Web & CMS Pluginscommercial

12

Cumulative CVEs

3

Monthly snapshots

#165

Peak rank

Top products

Latest CVEs

The 13 most recently published vulnerabilities affecting formtools.

CVE-2024-6937formtools.org Form Tools Import Option List edit.php curl_exec file inclusion2.7Jul 21, 2024
CVE-2024-6936formtools.org Form Tools Setting code injection2.7Jul 21, 2024
CVE-2024-6935formtools.org Form Tools User Settings Page cross site scripting2.4Jul 21, 2024
CVE-2024-6934formtools.org Form Tools cross site scripting2.4Jul 21, 2024
CVE-2024-22722Server Side Template Injection (SSTI) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application.7.2Apr 11, 2024
CVE-2024-22721Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via crafted link.6.3Apr 11, 2024
CVE-2024-22719SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client.8.1Apr 11, 2024
CVE-2024-22718Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the client_id parameter in the application URL.9.6Apr 11, 2024
CVE-2024-22717Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.6.1Apr 11, 2024
CVE-2024-22637Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2.6.1Jan 25, 2024
CVE-2021-38144An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?...5.4Aug 31, 2021
CVE-2021-38143An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. Ho...6.1Aug 31, 2021
CVE-2021-38145An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation ...9.8Aug 31, 2021