CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-24230

A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.3%

CVSS Severity

CVSS v3 Score 4.8

References

https://github.com/getformwork/formwork/releases/tag/1.12.1
https://medium.com/%400x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a
https://github.com/getformwork/formwork/releases/tag/1.12.1
https://medium.com/%400x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a

Products affected by CVE-2023-24230

Formwork Project » Formwork » Version: 1.12.1

cpe:2.3:a:formwork_project:formwork:1.12.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-24230

Products

Pricing

Contact Us