Filtered by vendor Formcms Subscriptions

Search

Switch to Advanced Search (Beta)
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-55797 1 Formcms 1 Formcms 2025-10-07 6.5 Medium
An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.
CVE-2025-56236 1 Formcms 1 Formcms 2025-09-09 6.1 Medium
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.