{
  "id": "CVE-2024-22220",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-21T16:15:50.600",
  "lastModified": "2024-02-22T19:07:27.197",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Terminalfour 7.4 hasta 7.4.0004 QP3 y 8 hasta 8.3.19, y en Formbank hasta 2.1.10-FINAL. Pueden producirse Cross-Site Scripting Almacenado no autenticadas, con el consiguiente secuestro de sesi\u00f3n de administrador. Los vectores de ataque son Form Builder y Form Preview."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://docs.terminalfour.com/articles/release-notes-highlights/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22220/",
      "source": "cve@mitre.org"
    }
  ]
}