Moderate severityNVD Advisory· Published Aug 28, 2025· Updated Aug 28, 2025
CVE-2025-56236
CVE-2025-56236
Description
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
FormCMSNuGet | < 0.5.7 | 0.5.7 |
Affected products
1Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.