17 matches found
CVE-2026-27198
Formwork is a flat file-based Content Management System CMS. In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2026-27198
Formwork is a flat file-based Content Management System CMS. In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2026-27198 Formwork Improperly Manages Privileges During User Creation
Formwork is a flat file-based Content Management System CMS. In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has...
CVE-2025-65956
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
Cross-site Scripting (XSS)
Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the blog tag field. An attacker can execute arbitrary scripts in the context of another user's browser...
CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
EUVD-2025-199018
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
CVE-2025-65956
Summary: CVE-2025-65956 affects Formwork CMS (flat-file CMS) prior to version 2.2.0. The vulnerability is a stored cross-site scripting (XSS) in the blog tag field; unsanitized input inserted into the tag field can execute attacker-controlled scripts in the browser of any privileged user (adminis...
CVE-2025-65956 Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
PT-2025-48034
Formwork is a flat file-based Content Management System CMS. Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controll...
GHSA-7J46-F57W-76PJ Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
Summary Inserting unsanitized data into the blog tag field in Formwork CMS results in stored cross‑site scripting XSS. Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. Because the issue is...
CVE-2024-37160
Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...
CVE-2024-37160
Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...
CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata
Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...
CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata
Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...
CVE-2024-37160 Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata
Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...
CVE-2024-37160
Formwork CVE-2024-37160 concerns the Formwork flat-file CMS. The vulnerability is an XSS flaw exploitable when an administrator modifies site options via /panel/options/site, allowing injection of scripts that can affect visitors across most pages (dashboard excluded). Affected component is descr...