Fork-Cms Fork Cms vulnerabilities

25 known vulnerabilities affecting fork-cms/fork_cms.

Total CVEs

25

CISA KEV

0

Public exploits

3

Exploited in wild

0

Severity breakdown

CRITICAL1HIGH7MEDIUM17

Vulnerabilities

Page 2 of 2

CVE-2012-5164MEDIUMCVSS 4.3≤ 3.2.6v2.0.1+40 more2012-09-26

CVE-2012-5164 [MEDIUM] CWE-79 CVE-2012-5164: Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.

CVE-2012-1188MEDIUMCVSS 4.3PoC≤ 3.2.62012-09-26

CVE-2012-1188 [MEDIUM] CWE-79 CVE-2012-1188: Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.

CVE-2012-1208MEDIUMCVSS 4.3PoCv3.2.42012-02-24

CVE-2012-1208 [MEDIUM] CWE-79 CVE-2012-1208: Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2. Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.

CVE-2012-1207MEDIUMCVSS 5.0v3.2.42012-02-24

CVE-2012-1207 [MEDIUM] CWE-22 CVE-2012-1207: Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possi Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.

CVE-2012-1209MEDIUMCVSS 4.3v3.2.42012-02-24

CVE-2012-1209 [MEDIUM] CWE-79 CVE-2012-1209: Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possi Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

← Previous2 / 2