Filtered by vendor Formcms
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-55797 | 1 Formcms | 1 Formcms | 2025-10-07 | N/A | 6.5 MEDIUM |
| An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed. | |||||
| CVE-2025-56236 | 1 Formcms | 1 Formcms | 2025-09-09 | N/A | 6.1 MEDIUM |
| FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context. | |||||