3 matches found
CVE-2025-32427
CVE-2025-32427 concerns the verbb/formie Craft CMS plugin. Before version 2.1.44, importing a form from JSON could leak XSS if a field label or handle contained malicious content, because the preview output was not properly escaped. The vulnerability requires intentional tampering with the JSON e...
CVE-2024-35191
CVE-2024-35191 affects the verbb/formie Craft CMS plugin. Before version 2.1.6, users who can access a form’s settings could insert malicious Twig code into fields that support Twig (e.g., Submission Title or Success Message). The injected Twig could be executed when a submission is created or wh...
CVE-2025-32426
CVE-2025-32426 affects the Formie Craft CMS form plugin. The issue is an HTML injection (XSS) vulnerability in the HTML content of email notification previews, exploitable only if an attacker can modify the form’s email notification settings. The root cause is insufficient sanitization in the ema...