[MEDIUM] Formwork CMS has Stored Cross-Site Scripting Vulnerebility in Blog Tags

PKSA-rmpr-1pwg-drvq CVE-2025-65956 GHSA-7j46-f57w-76pj

Affected version: <2.2.0

Reported by:
GitHub

[HIGH] Formwork improperly validates input of User role preventing site and panel availability

PKSA-f12j-yzp4-332f GHSA-c85w-x26q-ch87

Affected version: >=2.0.0-beta.1,<2.0.0-beta.4

Reported by:
GitHub