4 matches found
CVE-2014-9470
Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...
CVE-2014-9470
Fork CMS prior to 3.8.4 is affected by a cross-site scripting (XSS) vulnerability in the loadForm() function (Frontend/Modules/Search/Actions/Index.php) where the q_widget parameter to /en/search can inject arbitrary script/HTML. The issue arises from insufficient input filtering and is exploitab...
CVE-2014-9470
Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...
Fork CMS 3.8.3 Cross Site Scripting
Exploit Title: XSS Vulnerability in Fork CMS 3.8.3 Google Dork: N/A Date: 12/26/2014 Exploit Author: Le Ngoc phi [email protected] and ITAS Team www.itas.vn Vendor Homepage: http://www.fork-cms.com Software Link: http://www.fork-cms.com/blog/detail/fork-3.8.4-released Version: Fork 3.8.3 Tested on...