MEDIUM
Fastspot
CVE published 2017-02-10
CVE-2016-10215
CVE-2016-10215 is a cross-site scripting issue in Fastspot BigTree's bigtree-form-builder component before version 1.2. The flaw stems from insufficient filtration of user-supplied data in multiple HTTP POST parameters sent to a form-builder AJAX endpoint. If successfully triggered, an attacker could execute arbitrary HTML and script code in the context of the vulnerable website. NVD assigns this issue a [truncated]