Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-1188: Cross-site Scripting in Fork CMS

Severity: 4.3 MEDIUM (NVD)
EPSS: 13.8% (top 5.68%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Sep 26
Latest update: May 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

Packagist: forkcms/forkcms < 3.2.7

🔴 Vulnerability Details (2)

GHSA: Fork CMS Multiple XSS Vulnerabilities (2022-05-17)
OSV: Fork CMS Multiple XSS Vulnerabilities (2022-05-17)

💥 Exploits & PoCs (2)

Exploit-DB: Fork CMS 3.x - '/backend/modules/error/actions/index.php?parse()' Multiple Error Display Cross-Site Scripting Vulnerabilities (2012-02-28)
Exploit-DB: Fork CMS 3.x - '/private/en/locale/index?name' Cross-Site Scripting (2012-02-28)