CVE-2022-35590Cross-site Scripting in Forkcms

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.8MEDIUMNVD
EPSS
0.2%
top 59.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ForkcmsFork-cms Fork CMS
Timeline
PublishedAug 12
Latest updateAug 13

Description

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

Packagistforkcms/forkcms< 5.11.0

🔴Vulnerability Details

2
GHSA
ForkCMS XSS via `end_date` parameter2022-08-13
OSV
ForkCMS XSS via `end_date` parameter2022-08-13
CVE-2022-35590 — Cross-site Scripting in Forkcms | cvebase