6 matches found
CVE-2024-35621
creationtimestamp| type| source ---|---|--- 2025-03-28 19:29:17+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/9446...
CVE-2024-35621
A cross-site scripting XSS vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...
formwork Cross-site scripting vulnerability in Markdown fields
Impact Users with access to the administration panel with page editing permissions could insert tags in markdown fields, which are exposed on the publicly accessible site pages, leading to potential XSS injections. Patches - Formwork 1.13.0 has been released with a patch that solves this...
GHSA-GX8M-F3MP-FG99 formwork Cross-site scripting vulnerability in Markdown fields
Impact Users with access to the administration panel with page editing permissions could insert tags in markdown fields, which are exposed on the publicly accessible site pages, leading to potential XSS injections. Patches - Formwork 1.13.0 has been released with a patch that solves this...
CVE-2024-35621
Formwork CVE-2024-35621 is an XSS in the Edit function prior to 1.13.0, exploitable via a crafted payload in the Content field. Root cause: insufficient sanitization of markdown fields, enabling [removed] tags to reach public pages through editor content. Affected: Formwork before 1.13.0. Impact:...
CVE-2024-35621
A cross-site scripting XSS vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...