Formie has a XSS vulnerability for importing forms

Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the field label or handle contained malicious content, the output wasn't correctly escaped when viewing a preview of what was to be imported. As imports are undertaking primarily by users who have themselves exported the form from one environment to another, and would require direct manipulation of the JSON export, this is marked as moderate. This vulnerability will not occur unless someone deliberately tampers with the export. This vulnerability is fixed in 2.1.44.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Formie for Craft CMS 跨站脚本漏洞

Formie for Craft CMS是Verbb开源的一个Craft CMS的表单插件。 Formie for Craft CMS 2.1.44之前版本存在跨站脚本漏洞，该漏洞源于导入表单时未正确转义输出。

N/A

N/A