Filtered by vendor Formcms
Subscriptions
Filtered by product Formcms
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55797 | 1 Formcms | 1 Formcms | 2025-10-07 | 6.5 Medium |
| An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed. | ||||
| CVE-2025-56236 | 1 Formcms | 1 Formcms | 2025-09-09 | 6.1 Medium |
| FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context. | ||||
Page 1 of 1.