Formcms - Formcms CVE

Filtered by vendor Formcms Subscribe

Filtered by product Formcms

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2025-56236	1 Formcms	1 Formcms	2025-09-09	N/A	6.1 MEDIUM
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.

Vulnerabilities (CVE)