Vulnerability Details CVE-2024-22220
An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v3 Score 6.3
References
Products affected by CVE-2024-22220
-
cpe:2.3:a:terminalfour:formbank:*
-
cpe:2.3:a:terminalfour:terminalfour:*
-
cpe:2.3:a:terminalfour:terminalfour:7.4.0004
-
cpe:2.3:a:terminalfour:terminalfour:8.2.0
-
cpe:2.3:a:terminalfour:terminalfour:8.2.18.2.1
-
cpe:2.3:a:terminalfour:terminalfour:8.2.18.2.3
-
cpe:2.3:a:terminalfour:terminalfour:8.2.18.3
-
cpe:2.3:a:terminalfour:terminalfour:8.2.18.4
-
cpe:2.3:a:terminalfour:terminalfour:8.2.18.5
-
cpe:2.3:a:terminalfour:terminalfour:8.2.18.8
-
cpe:2.3:a:terminalfour:terminalfour:8.3.0
-
cpe:2.3:a:terminalfour:terminalfour:8.3.11.2
-
cpe:2.3:a:terminalfour:terminalfour:8.3.14.2
-
cpe:2.3:a:terminalfour:terminalfour:8.3.16
-
cpe:2.3:a:terminalfour:terminalfour:8.3.8