CVE-2022-35589 — Cross-site Scripting in Fork CMS

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 59.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 12

Latest updateAug 13

Description

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

▶Packagistforkcms/forkcms< 5.11.0

OSV

ForkCMS XSS via `publish_on_time` parameter↗2022-08-13

▶

GHSA

ForkCMS XSS via `publish_on_time` parameter↗2022-08-13

▶