CVE-2012-1208
Published: 2012-02-24
Priority: P4 21, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.08% (89.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fork-cms | fork_cms | — | — |
No detection rules found.
Exploit-DB
Fork CMS 3.2.5 - Multiple Vulnerabilities
exploitdb·2012-02-21
CVE-2012-1305 Fork CMS 3.2.5 - Multiple Vulnerabilities
---
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : ForkCMS 3.2.5 Multiple Vulnerabilities
# Date : 21-02-2012
# Author : Ivano Binetti (http://ivanobinetti.com)
# Software link : https://github.com/forkcms/forkcms/zipball/3.2.5
# Vendor site : http://www.fork-cms.com/
# Version : 3.2.5 and lower
# Tested on : Debian Squeeze (6.0)
# Original Advisory : http://ivanobinetti.blogspot.com/2012/02/forkcms-325-csrf-and-xss-0day.html
# CVE ID : CVE-2012-1304, CVE-2012-1305, CVE-2012-1306, CVE-2012-1307
# Secunia ID : SA48067
# OSVDB ID : 79444 (http://osvdb.org/show/osvdb/79444)
# IBM X-Force ID : 73394 (http://xforce.iss.net/xforce/xfdb/73394)
# Other
Exploit-DB
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
exploitdb·2012-02-12
CVE-2012-1304 Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
---
##########################################################################################################################
# Exploit Title: Fork CMS v.3.2.4 - Multiple Vulnerabilities
# Script Page : http://www.fork-cms.com
# Date: 11-02-2012
# Author : RandomStorm - http://www.randomstorm.com
# Avram Marius Gabriel (d3v1l)
# Tested on: Windows XP & Vista
##########################################################################################################################
# Reflected Cross-Site Scripting (XSS) on Admin Panel
# POC:
# http://site.com/blog/settings?token=true&report=alert(1)
# http://site.com/users/index?token=true&error=alert(1)
##############################################################
No writeups or analysis indexed.
http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html
http://secunia.com/advisories/47937
http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released
http://www.securityfocus.com/bid/51972
https://github.com/forkcms/forkcms/commit/8fa74dd3e2e32723cd121177dce6aeac37e29df6
https://github.com/forkcms/forkcms/commit/d65c083adc91c88d21bd9a0df4c2688df634c6ff
https://github.com/forkcms/forkcms/commit/df75e0797a6540c4d656969a2e7df7689603b2cf