VYPR

NuGet package

formcms

pkg:nuget/formcms

Vulnerabilities (2)

  • CVE-2025-55797Sep 30, 2025
    affected < 0.5.5fixed 0.5.5

    An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.

  • CVE-2025-56236Aug 28, 2025
    affected < 0.5.7fixed 0.5.7

    FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes