cbcvebase.

Fork-Cms Fork Cms vulnerabilities

25 known vulnerabilities affecting fork-cms/fork_cms.

Total CVEs
25
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7MEDIUM17

Vulnerabilities

Page 2 of 2
CVE-2022-35585P4MEDIUMCVSS 4.8v5.9.32022-08-12
CVE-2022-35585 [MEDIUM] CWE-79 CVE-2022-35585: A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to in A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter
nvd
CVE-2022-35589P4MEDIUMCVSS 4.8v5.9.32022-08-12
CVE-2022-35589 [MEDIUM] CWE-79 CVE-2022-35589: A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaS A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.
nvd
CVE-2022-35590P4MEDIUMCVSS 4.8v5.9.32022-08-12
CVE-2022-35590 [MEDIUM] CWE-79 CVE-2022-35590: A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject Ja A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter
nvd
CVE-2012-5164P4MEDIUMCVSS 4.3≤ 3.2.6v2.0.1+40 more2012-09-26
CVE-2012-5164 [MEDIUM] CWE-79 CVE-2012-5164: Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.
nvd
CVE-2012-1209P4MEDIUMCVSS 4.3v3.2.42012-02-24
CVE-2012-1209 [MEDIUM] CWE-79 CVE-2012-1209: Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possi Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.
nvd
Fork-Cms Fork Cms vulnerabilities | cvebase