CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-56236

FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 7.4%

CVSS Severity

CVSS v3 Score 6.1

References

https://github.com/FormCms/FormCms/issues/27
https://github.com/KKC73/me/blob/main/CVE-2025-56236/README.md

Products affected by CVE-2025-56236

Formcms » Formcms » Version: 0.5.5

cpe:2.3:a:formcms:formcms:0.5.5
Formcms » Formcms » Version: 0.5.6

cpe:2.3:a:formcms:formcms:0.5.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-56236

Products

Pricing

Contact Us