Security Advisory

CVE-2025-56236

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-28 00:00:00

Last updated 2025-08-28 20:03:21

Assigner mitre

State PUBLISHED

Description

FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.

← Browse all CVEs View on cve.org ↗