VYPR
Vendor

Formwork

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2024-37160MedJun 7, 2024
    risk 0.24cvss 4.8epss 0.00

    Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages…

  • CVE-2024-35621MedMay 28, 2024
    risk 0.24cvss 4.8epss 0.00

    A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.

  • CVE-2023-24230MedFeb 10, 2023
    risk 0.24cvss 4.8epss 0.01

    A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.

  • CVE-2026-27198Feb 21, 2026
    risk 0.00cvss epss 0.00

    Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether…

  • CVE-2025-65956Nov 25, 2025
    risk 0.00cvss epss 0.00

    Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post…