An issue exists in Terminalfour 7.4 up to and including 7.4.0004 QP3 and 8 up to and including 8.3.19, and Formbank up to and including 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.