📦 Formie

This CVE describes a cross-site scripting (XSS) vulnerability in the Formie plugin for Craft CMS. When importing forms from JSON, malicious content in field labels or handles isn't properly escaped du...

This vulnerability allows authenticated users with form settings access to inject malicious Twig code into form fields like Submission Title or Success Message. The code executes when submissions are ...