Shodan
Vulnerabilities
Vulnerable Software
Formcms:  >> Formcms  >> 0.5.6  Security Vulnerabilities
CVE-2025-56236
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved