Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when the admin tries to see the client list. This type of XSS (stored) can lead to the extraction of the PHPSESSID cookie belonging to the admin.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Form Tools 跨站脚本漏洞
Vulnerability Description
Form Tools是开源的一个表单工具脚本、模块、主题和 API 的代码库。 Form Tools 存在跨站脚本漏洞,该漏洞源于从 3.0.20 版本开始,在 Form Tools 中发现了一个问题。 当管理员创建客户帐户时,客户可以登录并继续更改姓名和姓氏。 但是,这些字段容易受到 XSS 负载插入的影响,当管理员尝试查看客户端列表时会在管理面板中触发。 这种类型的 XSS(存储)会导致提取属于管理员的 PHPSESSID cookie。
CVSS Information
N/A
Vulnerability Type
N/A