CVE-2021-38144

Source
https://cve.org/CVERecord?id=CVE-2021-38144
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38144.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-38144
Published
2021-08-31T05:15:06.650Z
Modified
2025-11-14T12:07:47.200258Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when viewing a form via the submission_id parameter, e.g., clients/forms/editsubmission.php?formid=1&viewid=1&submission_id=[XSS].

References

Affected packages

Git / github.com/formtools/core

Affected ranges

Type
GIT
Repo
https://github.com/formtools/core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

2.*
2.0.0
2.0.0-beta-20081219
2.0.0-beta-20081223
2.0.0-beta-20081230
2.0.0-beta-20090101
2.0.0-beta-20090104
2.0.0-beta-20090105
2.0.0-beta-20090106
2.0.0-beta-20090107
2.0.0-beta-20090108
2.0.0-beta-20090111
2.0.0-beta-20090112
2.0.0-beta-20090113
2.0.0-beta-20090114
2.0.0-beta-20090117
2.0.0-beta-20090120
2.0.0-beta-20090131
2.0.0-beta-20090211
2.0.0-beta-20090217
2.0.0-beta-20090223
2.0.0-beta-20090301
2.0.0-beta-20090302
2.0.0-beta-20090305
2.0.0-beta-20090308
2.0.0-beta-20090309
2.0.0-beta-20090312
2.0.0-beta-20090317
2.0.0-beta-20090318
2.0.0-beta-20090319
2.0.0-beta-20090320
2.0.0-beta-20090321
2.0.0-beta-20090327
2.0.0-beta-20090402
2.0.0-beta-20090404
2.0.0-beta-20090407
2.0.0-beta-20090409
2.0.0-beta-20090414
2.0.0-beta-20090427
2.0.0-beta-20090428
2.0.0-beta-20090509
2.0.0-beta-20090510
2.0.0-beta-20090511
2.0.0-beta-20090518
2.0.0-beta-20090524
2.0.0-beta-20090614
2.0.0-beta-20090627
2.0.0-beta-20090712
2.0.0-beta-20090808
2.0.0-beta-20090809
2.0.0-beta-20090815
2.0.0-beta-20090823
2.0.0-beta-20090826
2.0.0-beta-20090908
2.0.0-beta-20090926
2.0.0-beta-20091003
2.0.0-beta-20091012
2.0.0-beta-20091021
2.0.0-beta-20091030
2.0.0-beta-20091101
2.0.0-beta-20091113
2.0.0-beta-20091116
2.0.0-beta-20091122
2.0.0-beta-20091210
2.0.0-beta-20091212
2.0.0-beta-20091213
2.0.0-beta-20091216
2.0.0-beta-20091224
2.0.0-beta-20100101
2.0.0-beta-20100118
2.0.1
2.0.1-beta-20100410
2.0.1-beta-20100425
2.0.1-beta-20100428
2.0.1-beta-20100516
2.0.2
2.0.3
2.0.3-beta-20100731
2.0.3-beta-20100807
2.0.3-beta-20100908
2.0.3-beta-20100911
2.0.3-beta-20100914
2.0.3-beta-20100915
2.0.3-beta-20100919
2.0.4
2.0.5
2.0.6
2.1.0
2.1.0-alpha-20110426
2.1.0-alpha-20110519
2.1.0-alpha-20110521
2.1.0-alpha-20110522
2.1.0-alpha-20110526
2.1.0-alpha-20110527
2.1.0-alpha-20110528
2.1.0-alpha-20110530
2.1.0-alpha-20110603
2.1.0-alpha-20110607
2.1.0-alpha-20110609
2.1.0-alpha-20110614
2.1.0-beta-20110616
2.1.0-beta-20110618
2.1.0-beta-20110620
2.1.0-beta-20110622
2.1.0-beta-20110623
2.1.0-beta-20110626
2.1.0-beta-20110630
2.1.0-beta-20110702
2.1.0-beta-20110710
2.1.0-beta-20110713
2.1.0-beta-20110714
2.1.0-beta-20110716
2.1.0-beta-20110720
2.1.0-beta-20110729
2.1.0-beta-20110730
2.1.0-beta-20110731
2.1.0-beta-20110802
2.1.0-beta-20110807
2.1.0-beta-20110809
2.1.0-beta-20110811
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
3.*
3.0.0
3.0.0-alpha-20170916
3.0.0-alpha-20170917
3.0.0-alpha-20170922
3.0.0-alpha-20170924
3.0.0-alpha-20170927
3.0.0-alpha-20170930
3.0.0-alpha-20171005
3.0.0-alpha-20171007
3.0.0-alpha-20171014
3.0.0-alpha-20171017
3.0.0-alpha-20171019
3.0.0-alpha-20171023
3.0.0-alpha-20171029
3.0.0-alpha-20171107
3.0.0-alpha-20171108
3.0.0-alpha-20171111
3.0.0-alpha-20171122
3.0.0-alpha-20171123
3.0.0-alpha-20171127
3.0.0-alpha-20171128
3.0.0-alpha-20171214
3.0.0-alpha-20171215
3.0.0-alpha-20171218
3.0.0-alpha-20171220
3.0.0-alpha-20171225
3.0.0-alpha-20171230
3.0.0-alpha-20180103
3.0.0-alpha-20180114
3.0.0-alpha-20180127
3.0.0-alpha-20180201
3.0.0-beta-20180206
3.0.0-beta-20180224
3.0.0-beta-20180312
3.0.0-beta-20180315
3.0.0-beta-20180318
3.0.0-beta-20180320
3.0.0-beta-20180410
3.0.1
3.0.10
3.0.11
3.0.13
3.0.2
3.0.20
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-38144.json"