getformwork/formwork Security Advisories (6)
-
[MEDIUM] Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags
PKSA-rmpr-1pwg-drvq CVE-2025-65956 GHSA-7j46-f57w-76pj
Affected version: <2.2.0
Reported by:
GitHub -
[HIGH] Formwork improperly validates input of User role preventing site and panel availability
PKSA-f12j-yzp4-332f GHSA-c85w-x26q-ch87
Affected version: >=2.0.0-beta.1,<2.0.0-beta.4
Reported by:
GitHub -
[MEDIUM] Formwork has a cross-site scripting (XSS) vulnerability in Site title
PKSA-188k-fkf5-brww GHSA-vf6x-59hh-332f
Affected version: =2.0.0-beta.3
Reported by:
GitHub -
[MEDIUM] Cross-site scripting (XSS) vulnerability in Description metadata
PKSA-mh52-mt19-xnym CVE-2024-37160 GHSA-5pxr-7m4j-jjc6
Affected version: =2.0.0-beta.1|<1.13.1
Reported by:
GitHub -
[MEDIUM] formwork Cross-site scripting vulnerability in Markdown fields
PKSA-c9nv-2t7m-n1sr CVE-2024-35621 GHSA-gx8m-f3mp-fg99
Affected version: <1.13.0
Reported by:
GitHub -
[MEDIUM] Formwork Cross-site Scripting (XSS) from Page title field
PKSA-bx6v-zfrw-98sd CVE-2023-24230 GHSA-fvrh-wrpf-6q7h
Affected version: <1.13.0
Reported by:
GitHub