Security Advisory

CVE-2024-35191

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-20 20:26:24

Last updated 2024-08-02 03:07:46

Assigner GitHub_M

State PUBLISHED

Description

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a forms settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This has been fixed in Formie 2.1.6.

← Browse all CVEs View on cve.org ↗