CVE-2012-5164Cross-site Scripting in Fork CMS

CWE-79Cross-site Scripting2 documents2 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 36.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fork-cms Fork CMS
Timeline
PublishedSep 26
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDfork-cms/fork_cms3.2.6+41

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
GHSA
GHSA-f32p-xm43-x77w: Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 32022-05-17
CVE-2012-5164 — Cross-site Scripting in Fork CMS | cvebase