Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. This has been fixed in Formie 2.1.44.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:NVerbb Formie
APPVerbb< 2.1.44
Powiązane podatności
Formie is a Craft CMS plugin for creating forms. Prior to 2.1.44, when importing a form from JSON, if the fiel...
Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can in...
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP heade...
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the...
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.