
4 matches found

CVE
added 2023/02/10 12:0 a.m., 57 views

CVE-2023-24230

Formwork v1.12.1 contains a stored XSS in the /formwork/panel/dashboard component, exploitable via the Page title field. Root cause is unsanitized input leading to script/HTML execution. CVSS 3.1 base score 4.8 (Medium) with PR:H, UI:R, scope Changed; impact on confidentiality/integrity is Low. A...

CVSS 4.8 | AI score 4.8 | EPSS 0.00379
Web
CVE
added 2024/06/07 2:9 p.m., 43 views

CVE-2024-37160

Formwork CVE-2024-37160 concerns the Formwork flat-file CMS. The vulnerability is an XSS flaw exploitable when an administrator modifies site options via /panel/options/site, allowing injection of scripts that can affect visitors across most pages (dashboard excluded). Affected component is descr...

CVSS 4.8 | AI score 5.3 | EPSS 0.00721
Web
CVE
added 2025/11/25 11:20 p.m., 12 views

CVE-2025-65956

Summary: CVE-2025-65956 affects Formwork CMS (flat-file CMS) prior to version 2.2.0. The vulnerability is a stored cross-site scripting (XSS) in the blog tag field; unsanitized input inserted into the tag field can execute attacker-controlled scripts in the browser of any privileged user (adminis...

CVSS 6.5 | AI score 6 | EPSS 0.00025
CVE
added 2026/02/21 5:11 a.m., 10 views

CVE-2026-27198

CVE-2026-27198 refers to Formwork (CMS) where versions 2.0.0–2.3.3 fail to enforce proper authorization during account creation. The issue allows an authenticated editor to create new accounts with administrative privileges by issuing roles without validating the caller’s privilege to assign such...

CVSS 8.8 | AI score 5.6 | EPSS 0.00021