{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T11:30:40.688","vulnerabilities":[{"cve":{"id":"CVE-2025-32426","sourceIdentifier":"security-advisories@github.com","published":"2025-04-11T14:15:25.320","lastModified":"2025-09-29T14:39:37.690","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. This has been fixed in Formie 2.1.44."},{"lang":"es","value":"Formie es un complemento Craft CMS para crear formularios. Antes de la versión 2.1.44, es posible inyectar código malicioso en el contenido HTML de una notificación por correo electrónico, que luego se representa en la vista previa. No hay ningún problema al realizar el correo electrónico por medios normales (un correo electrónico entregado). Esto requeriría acceso a la configuración de notificación de correo electrónico del formulario. Esto se ha solucionado en Formie 2.1.44."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","baseScore":4.6,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:verbb:formie:*:*:*:*:*:craft_cms:*:*","versionEndExcluding":"2.1.44","matchCriteriaId":"C0F1ED41-D4CA-4683-864D-35E0F80CD6B8"}]}]}],"references":[{"url":"https://github.com/verbb/formie/security/advisories/GHSA-2xm2-23ff-p8ww","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}