2 matches found
CVE-2025-52122
Summary : CVE-2025-52122 affects the Freeform CraftCMS plugin. Vulnerable versions : Freeform 5.0.0 up to (but not including) 5.10.16. Root cause : Server-side template injection (SSTI) in Freeform allows arbitrary code execution. Impact : All users with access to editing a form submission title ...
CVE-2026-26188
The vulnerability CVE-2026-26188 affects Solspace Freeform plugin for Craft CMS 5.x. An authenticated, low-privilege user who can create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel builder and integrations views. User-controlled form labels and integration metadata are re...