VYPR
Vendor: Formtools.org

Products: 2
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)

  • CVE-2021-38145 | Critical | Aug 31, 2021
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_results=all&e…

  • CVE-2024-22719 | High | Apr 11, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    SQL Injection vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary SQL commands via the 'keyword' when searching for a client.

  • CVE-2023-45139 | High | Jan 10, 2024
    risk 0.42 | cvss 7.5 | epss 0.01

    fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed.…

  • CVE-2024-22721 | Medium | Apr 11, 2024
    risk 0.41 | cvss 6.3 | epss 0.00

    Cross Site Request Forgery (CSRF) vulnerability in Form Tools 3.1.1 allows attackers to manipulate sensitive user data via a crafted link.

  • CVE-2024-22717 | Medium | Apr 11, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary code via the First Name field in the application.

  • CVE-2024-22637 | Medium | Jan 25, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2.

  • CVE-2021-38143 | Medium | Aug 31, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in…

  • CVE-2021-38144 | Medium | Aug 31, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS].

  • CVE-2024-6937 | Low | Jul 21, 2024
    risk 0.18 | cvss 2.7 | epss 0.00

    A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component Import Option List. The manipulation of the argument url leads to file inclusion.…

  • CVE-2024-6936 | Low | Jul 21, 2024
    risk 0.18 | cvss 2.7 | epss 0.00

    A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme…

  • CVE-2024-6935 | Low | Jul 21, 2024
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The attack can be initiated remotely.…

  • CVE-2024-6934 | Low | Jul 21, 2024
    risk 0.16 | cvss 2.4 | epss 0.00

    A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to…

  • CVE-2007-6464 | Dec 20, 2007
    risk 0.03 | cvss | epss 0.02

    Multiple PHP remote file inclusion vulnerabilities in Form tools 1.5.0b allow remote attackers to execute arbitrary PHP code via a URL in the g_root_dir parameter to (1) admin_page_open.php and (2) client_page_open.php in global/templates/.

  • CVE-2025-66034 | Nov 29, 2025
    risk 0.00 | cvss | epss 0.01

    fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace…