getformwork/formwork
Packagist4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting getformwork/formworkpage 1 of 1
- CVE-2023-24230MEDIUMCVSS 4.8EG 4.8✓ Fixed in 1.13.02023-02-10
vulnerable: 0.10.0 ... 1.9.1 (60 versions)
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.
- CVE-2024-35621MEDIUMCVSS 4.8EG 4.8✓ Fixed in 1.13.02024-05-28
vulnerable: 0.10.0 ... 1.9.1 (60 versions)
A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.
- CVE-2024-37160MEDIUMCVSS 4.8EG 4.8✓ Fixed in 2.0.0-beta.22024-06-07
vulnerable: 2.0.0-beta.1
Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persiste…
- CVE-2025-65956MEDIUMCVSS 5.4EG 6.5✓ Fixed in 2.2.02025-11-26
vulnerable: 0.10.0 ... 2.1.5 (78 versions)
Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who acc…
Check whether getformwork/formwork is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for getformwork/formwork CVEs against the assets you own.
Start Free Scan →