formstone@1.4.15-1 vulnerabilities

Library of modular front end components.

Direct Vulnerabilities

Known vulnerabilities in the formstone package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

formstone is a Library of modular front end components.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper validation of user-supplied input in the upload-target.php and upload-chunked.php files. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, which could allow the attacker to steal cookie-based authentication credentials, force malware execution, or redirect users to malicious sites by crafting a specially designed URL.

How to fix Cross-site Scripting (XSS)?

Upgrade formstone to version 1.4.17 or higher.

<1.4.17