CVE-2025-25983

An issue in Macro-video Technologies Co.,Ltd V380 Pro android application 2.1.44 and V380 Pro android application 2.1.64 allows an attacker to obtain sensitive information via the QE code based sharing component...

Macro-Video V380 安全漏洞

Macro-Video V380 is an IP camera from Macro-Video. A security vulnerability exists in Macro-Video V380 version 2.1.44 and version 2.1.64, which stems from a QR code sharing component that could lead to the disclosure of sensitive information...

CVE-2025-32427

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who hav...

GHSA-2XM2-23FF-P8WW Formie has XSS vulnerability for email notification content for preview

Impact It is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would require access to the form's email notification settings. Patches This ha...

Formie has XSS vulnerability for importing forms

Impact When importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have themselves exported the form from one environment to...

CVE-2025-32427

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who hav...

CVE-2025-32426 Formie has a XSS vulnerability for email notification content for preview

Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...

CVE-2025-32427 Formie has a XSS vulnerability for importing forms

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who hav...

CVE-2025-32427 Formie has a XSS vulnerability for importing forms

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who hav...

CVE-2025-32427 Formie has a XSS vulnerability for importing forms

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who hav...

CVE-2025-32427

CVE-2025-32427 concerns the verbb/formie Craft CMS plugin. Before version 2.1.44, importing a form from JSON could leak XSS if a field label or handle contained malicious content, because the preview output was not properly escaped. The vulnerability requires intentional tampering with the JSON e...