Browse all 3 CVE security advisories affecting getformwork. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Getformwork is a form-building platform enabling users to create and manage custom forms for data collection. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues. The platform's three recorded CVEs highlight consistent security weaknesses in input validation and access control. While no major public security incidents have been documented, the recurring nature of these vulnerabilities suggests potential risks for organizations relying on getformwork for sensitive data collection. Users should implement strict input sanitization and maintain updated versions to mitigate known exploitation vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27198 | Formwork Improperly Manages Privileges During User Creation — formworkCWE-269 | 8.8 | High | 2026-02-21 |
| CVE-2025-65956 | Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags — formworkCWE-79 | 6.5 | Medium | 2025-11-25 |
| CVE-2024-37160 | Formwork has a Cross-site scripting (XSS) vulnerability in Description metadata — formworkCWE-79 | 4.8 | Medium | 2024-06-07 |
This page lists every published CVE security advisory associated with getformwork. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.