VulnerableCode Package Details - pkg:composer/getformwork/formwork@1.13.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-apsg-z7ny-gkag Aliases: CVE-2025-65956 GHSA-7j46-f57w-76pj	Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. The issue is persistent and impacts privileged administrative workflows. This issue has been patched in version 2.2.0.	2.2.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-cyvu-6p8a-jfhz Aliases: CVE-2024-37160 GHSA-5pxr-7m4j-jjc6	Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.	1.13.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 2.0.0-beta.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-apsg-z7ny-gkag
Aliases:
CVE-2025-65956
GHSA-7j46-f57w-76pj

Formwork is a flat file-based Content Management System (CMS). Prior to version 2.2.0, inserting unsanitized data into the blog tag field results in stored cross‑site scripting (XSS). Any user with credentials to the Formwork CMS who accesses or edits an affected blog post will have attacker‑controlled script executed in their browser. The issue is persistent and impacts privileged administrative workflows. This issue has been patched in version 2.2.0.

2.2.0
Affected by 1 other vulnerability.

VCID-cyvu-6p8a-jfhz
Aliases:
CVE-2024-37160
GHSA-5pxr-7m4j-jjc6

Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.

1.13.1
Affected by 1 other vulnerability.

2.0.0-beta.2
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-ms8j-pza2-qfaj	A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.	CVE-2023-24230 GHSA-fvrh-wrpf-6q7h
VCID-wmt4-ht54-xbff	A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.	CVE-2024-35621 GHSA-gx8m-f3mp-fg99

Vulnerability

Summary

Aliases

VCID-ms8j-pza2-qfaj

A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.

CVE-2023-24230
GHSA-fvrh-wrpf-6q7h

VCID-wmt4-ht54-xbff

A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field.

CVE-2024-35621
GHSA-gx8m-f3mp-fg99

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T06:25:22.979524+00:00	GHSA Importer	Fixing	VCID-ms8j-pza2-qfaj	https://github.com/advisories/GHSA-fvrh-wrpf-6q7h	38.6.0
2026-06-12T20:30:50.353774+00:00	GitLab Importer	Affected by	VCID-apsg-z7ny-gkag	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/getformwork/formwork/CVE-2025-65956.yml	38.6.0
2026-06-12T19:32:02.978455+00:00	GitLab Importer	Affected by	VCID-cyvu-6p8a-jfhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/getformwork/formwork/CVE-2024-37160.yml	38.6.0
2026-06-12T19:30:07.260513+00:00	GitLab Importer	Fixing	VCID-wmt4-ht54-xbff	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/getformwork/formwork/CVE-2024-35621.yml	38.6.0
2026-06-12T15:45:31.032917+00:00	GitLab Importer	Fixing	VCID-ms8j-pza2-qfaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/getformwork/formwork/CVE-2023-24230.yml	38.6.0
2026-06-12T07:58:21.374434+00:00	GithubOSV Importer	Fixing	VCID-ms8j-pza2-qfaj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-fvrh-wrpf-6q7h/GHSA-fvrh-wrpf-6q7h.json	38.6.0
2026-06-12T07:45:04.880831+00:00	GithubOSV Importer	Fixing	VCID-wmt4-ht54-xbff	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-gx8m-f3mp-fg99/GHSA-gx8m-f3mp-fg99.json	38.6.0
2026-06-11T20:35:00.828118+00:00	GHSA Importer	Fixing	VCID-wmt4-ht54-xbff	https://github.com/advisories/GHSA-gx8m-f3mp-fg99	38.6.0