FormCms Improper Access Control Vulnerability in Schema History Endpoint Allowing Unauthenticated Data Access

Vulnerability

A vulnerability in FormCms version 0.5.4 allows unauthenticated attackers to access historical schema data through the /api/schemas/history/[schemaId] endpoint. If a valid schemaId is known or guessed, the entire schema history and associated definitions can be retrieved without authentication or authorization.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive historical schema data, including complete schema definitions, which could be misused for malicious purposes or to gain an unfair advantage.

Remediation

Users can upgrade to FormCms version 0.5.5, where this vulnerability has been addressed.
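The following is an added illustration, not FormCms code, of the two things a defender wants around an endpoint like this: an authorization gate that refuses anonymous and under-privileged callers before any history is looked up, and a scan of web-server access logs for successful anonymous requests to the history path, which is how an operator running the affected version would look for prior exposure. The request model, the `admin` role, the sample schema data and the log lines are all constructed for the example; the log check assumes the reverse proxy writes the authenticated identity into the common-log-format `authuser` field.

```python
"""Added example: authorization gate for a schema-history endpoint plus a
log scan for anonymous hits. Hypothetical code, not FormCms's own."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Endpoint path from the advisory; the id segment is the schemaId.
HISTORY_RE = re.compile(r"^/api/schemas/history/([^/?]+)$")


@dataclass
class Request:
    """Minimal request model (constructed). user=None means unauthenticated."""
    path: str
    user: Optional[str] = None
    roles: set = field(default_factory=set)


# Constructed sample store: schemaId -> list of historical versions.
SCHEMA_HISTORY = {
    "42": [
        {"version": 1, "definition": {"fields": ["title"]}},
        {"version": 2, "definition": {"fields": ["title", "body"]}},
    ],
}


def history_vulnerable(req: Request, schema_id: str):
    """Mirrors the flaw described: the history is returned with no
    authentication or authorization check at all."""
    hist = SCHEMA_HISTORY.get(schema_id)
    return (404, None) if hist is None else (200, hist)


def history_fixed(req: Request, schema_id: str, required_role: str = "admin"):
    """Hardened form: authenticate, then authorize, then look up.
    Both checks run before any data is touched, so an unknown schemaId
    cannot be distinguished by an anonymous caller (401 either way)."""
    if req.user is None:
        return (401, None)
    if required_role not in req.roles:
        return (403, None)
    hist = SCHEMA_HISTORY.get(schema_id)
    return (404, None) if hist is None else (200, hist)


# Common log format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+'
)


def anonymous_history_hits(log_lines):
    """Return (client_ip, schema_id) for every successful (2xx) request to
    the history endpoint whose authuser field is '-' (no identity logged).
    Assumes the proxy records the authenticated user in that field."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, authuser, method, path, status = m.groups()
        pm = HISTORY_RE.match(path)
        if pm and method == "GET" and authuser == "-" and status.startswith("2"):
            hits.append((ip, pm.group(1)))
    return hits


# Constructed access-log sample: one anonymous success on the history
# endpoint, one authenticated success, one anonymous 401 (post-fix), one
# anonymous request to an unrelated path.
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Sep/2025:16:23:01 +0000] "GET /api/schemas/history/42 HTTP/1.1" 200 512',
    '198.51.100.7 - alice [30/Sep/2025:16:23:05 +0000] "GET /api/schemas/history/42 HTTP/1.1" 200 512',
    '203.0.113.5 - - [30/Sep/2025:16:24:10 +0000] "GET /api/schemas/history/42 HTTP/1.1" 401 0',
    '203.0.113.9 - - [30/Sep/2025:16:24:30 +0000] "GET /api/schemas HTTP/1.1" 200 128',
]


if __name__ == "__main__":
    anon = Request("/api/schemas/history/42")
    print("vulnerable, anonymous:", history_vulnerable(anon, "42")[0])
    print("fixed, anonymous:", history_fixed(anon, "42")[0])
    print("anonymous history reads in log:", anonymous_history_hits(SAMPLE_LOG))
```

Running the module shows the vulnerable handler answering an anonymous request with 200 while the fixed handler answers 401, and the log scan flags only the first sample line. In a real deployment the `required_role` would come from the application's own role model, and the scan would be run over the full retention window of proxy logs for the period the 0.5.4 build was exposed.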

Added: Sep 30, 2025, 4:23 PM
Updated: Sep 30, 2025, 4:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.2
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.