Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
VerbbFormie

3 matches found

CVE
CVEadded 2025/04/11 2:15 p.m.49 views

CVE-2025-32427

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have ...

5.3CVSS6.3AI score0.0007EPSS
CVE
CVEadded 2025/04/11 2:15 p.m.47 views

CVE-2025-32426

Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would requir...

4.6CVSS4.8AI score0.00039EPSS
CVE
CVEadded 2024/05/20 9:15 p.m.41 views

CVE-2024-35191

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering...

4.4CVSS6.7AI score0.0007EPSS