Phormer contains a cross-site scripting vulnerability (CWE-79).
An arbitrary script may be executed on the web browser of the user.
Update the Software
Update the software to the latest version according to the information provided by the developer.
Phormer version 3.35 was released to fix this issue.
The developer states that the project already ended in 2007, no support available now.