CVE-2024-22220 Information

Description

An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19 and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.

Reference

https://docs.terminalfour.com/articles/release-notes-highlights/ https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22220/