Moderate severity · NVD Advisory · Published Jun 7, 2024 · Updated Aug 2, 2024
Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata
CVE-2024-37160
Description
Formwork is a flat file-based Content Management System (CMS). An attacker with administrator privileges can execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| getformwork/formwork (Packagist) | < 1.13.1 | 1.13.1 |
| getformwork/formwork (Packagist) | >= 2.0.0-beta.1, < 2.0.0-beta.2 | 2.0.0-beta.2 |
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-5pxr-7m4j-jjc6 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-37160 (ghsa, ADVISORY)
- github.com/getformwork/formwork/commit/9d471204f7ebb51c3c27131581c2b834315b5e0b (ghsa, x_refsource_MISC, WEB)
- github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5 (ghsa, x_refsource_MISC, WEB)
- github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6 (ghsa, x_refsource_CONFIRM, WEB)