← Back

Formcms

formcms

Vendor: Formcms • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-55797
1Formcms
1Formcms
Oct 7, 2025
Sep 30, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.
CVE-2025-56236
1Formcms
1Formcms
Sep 9, 2025
Aug 28, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. W...Show more
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.Show less