5 matches found
Incorrect Privilege Assignment
Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to insufficient privilege checks in the create user function. An attacker can gain unauthorized...
Stored Cross-site Scripting (XSS)
getformwork/formwork is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization of input in the blog tag field, which allows an attacker to inject malicious scripts that execute in the browser of any authenticated user accessing or editing the affected blo...
Cross-site Scripting (XSS)
Overview getformwork/formwork is an a file-based Content Management System CMS to make and manage simple sites. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the title field in the panel/options/site page. An attacker can exploit this vulnerability by embedding...
Cross Site Scripting (XSS)
getformwork/formwork is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper user input validation within meta.php, which allows an attacker to perform XSS...
Cross-site Scripting (XSS)
getformwork/formwork is vulnerable to Cross-site Scripting XSS. The vulnerability is caused due to insufficient sanitization of markdown fields, allowing users with page editing permissions to insert...