Количество 2
Количество 2
CVE-2025-56236
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.
GHSA-4fxf-xgrm-8fcj
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-56236 FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context. | CVSS3: 6.1 | 0% Низкий | 5 месяцев назад |
| GHSA-4fxf-xgrm-8fcj FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability | 0% Низкий | 5 месяцев назад |
Уязвимостей на страницу