Moderate severityNVD Advisory· Published Feb 10, 2023· Updated Mar 24, 2025
CVE-2023-24230
CVE-2023-24230
Description
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
getformwork/formworkPackagist | < 1.13.0 | 1.13.0 |
Affected products
2Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-fvrh-wrpf-6q7hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-24230ghsaADVISORY
- github.com/getformwork/formwork/commit/8781ee17ca9b9b7b0b57e090e7f2ba1b27dc1415ghsaWEB
- medium.com/@0x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891aghsaWEB
- github.com/getformwork/formwork/releases/tag/1.12.1mitre
- medium.com/%400x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891amitre
News mentions
0No linked articles in our index yet.