CNNVD-202511-2817 Information
CNNVD ID
CNNVD-202511-2817
Related CVE
- CNNVD Published: 2025-11-26
Description (Chinese)
Formwork是Formwork开源的一个基于平面文件的内容管理系统(CMS)。用于构建和管理简单网站。 Formwork 2.2.0之前版本存在跨站脚本漏洞,该漏洞源于未清理博客标签字段输入,可能导致存储型跨站脚本攻击。
Description (English)
Formwork is a content management system (CMS) based on paper files from Formwork. To build and manage a simple website. There was a cross-site script loophole in the pre-Formwork 2.2.0 version, which originated from uncleaned entry of a blog-marked signature segment, which could lead to a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Formwork
Published
2025-11-26
Last Modified
2026-02-24
References
https://github.com/getformwork/formwork/security/advisories/GHSA-7j46-f57w-76pj https://github.com/getformwork/formwork/commit/4abcd60ae7692b46d316f956b0b20fb85336f3b2 https://github.com/getformwork/formwork/pull/791 https://access.redhat.com/security/cve/cve-2025-65956
Patch
https://github.com/getformwork/formwork/releases
Share on: