Description

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Title or the Success Message. This code will then be executed upon creating a submission, or rendering the text. This has been fixed in Formie 2.1.6.

INFO

Published Date :

2024-05-20T20:26:24.492Z

Last Modified :

2024-08-02T03:07:46.830Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-35191 vulnerability.

Vendors Products
Verbb
  • Formie
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-35191.

URL Resource
https://github.com/verbb/formie/commit/90296edf7e707f117e760aa57e70dbd43a854420 cve-icon cve-icon cve-icon
https://github.com/verbb/formie/security/advisories/GHSA-v45m-hxqp-fwf5 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact