Description

Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. This has been fixed in Formie 2.1.44.

INFO

Published Date :

2025-04-11T13:42:21.972Z

Last Modified :

2025-04-11T14:16:53.734Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32426 vulnerability.

Vendors Products
Verbb
  • Formie
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32426.

URL Resource
https://github.com/verbb/formie/security/advisories/GHSA-2xm2-23ff-p8ww cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact