CVE-2024-37160

Published June 7th, 2024

View on NVD ↗

CVSS v3

4.8

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1.

getformwork/formwork

🏗 Formwork is a simple, fast and flexible flat-file CMS that allows you to create and manage websites without the need for a database

GitHub