CVE-2020-23263 — Cross-site Scripting in Fork CMS

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 41.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Forkcms Fork-cms Fork CMS

Timeline

PublishedMay 6

Latest updateFeb 10

Description

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Packagistforkcms/forkcms< 5.8.3

▶NVDfork-cms/fork_cms5.8.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Cross-site scripting in forkcms↗2022-02-10

▶

GHSA

Cross-site scripting in forkcms↗2022-02-10

▶