CVE-2026-27198
- EPSS 0.04%
- Published 21.02.2026 05:11:42
- Last modified 03.03.2026 17:33:54
Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, ...
CVE-2025-65956
- EPSS 0.04%
- Published 25.11.2025 23:20:23
- Last modified 03.12.2025 20:30:01
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edit...
CVE-2024-37160
- EPSS 0.84%
- Published 07.06.2024 14:15:10
- Last modified 21.11.2024 09:23:19
Formwork is a flat file-based Content Management System (CMS). An attacker (requires administrator privilege) can execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affect...
CVE-2023-24230
- EPSS 0.38%
- Published 10.02.2023 16:15:12
- Last modified 24.03.2025 18:15:17
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.