Lucene search
+L

172 matches found

Exploit DB
Exploit DB
added 2020/04/20 12:0 a.m.350 views

Fork CMS 5.8.0 - Persistent Cross-Site Scripting

Title: Fork CMS 5.8.0 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.fork-cms.com/download Software Link: https://github.com/forkcms/forkcms/pull/3073 CVE: N/A Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/17 12:0 a.m.156 views

Fork CMS 5.8.0 Script Insertion

Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web Vulnerbilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2208 ID 3073: https://github.com/forkcms/forkcms/pull/3073 Release Date: ============= 2020-04-17 Vulnerability...

Exploits0
Vulnerability Lab
Vulnerability Lab
added 2020/04/16 12:0 a.m.47 views

Fork CMS v5.8.0 - Multiple Persistent Web Vulnerbilities

Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web Vulnerbilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2208 ID 3073: https://github.com/forkcms/forkcms/pull/3073 Release Date: ============= 2020-04-16 Vulnerability...

7.4AI score
Exploits0
NVD
NVD
added 2020/02/08 5:15 p.m.22 views

CVE-2014-9470

Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...

6.1CVSS6.1AI score0.01421EPSS
Exploits2References6
Prion
Prion
added 2020/02/08 5:15 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...

4.3CVSS6.1AI score0.01421EPSS
Exploits2References6Affected Software1
Cvelist
Cvelist
added 2020/02/08 4:3 p.m.20 views

CVE-2014-9470

Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...

6.1AI score0.01421EPSS
Exploits2References6
CVE
CVE
added 2020/02/08 4:3 p.m.104 views

CVE-2014-9470

Fork CMS prior to 3.8.4 is affected by a cross-site scripting (XSS) vulnerability in the loadForm() function (Frontend/Modules/Search/Actions/Index.php) where the q_widget parameter to /en/search can inject arbitrary script/HTML. The issue arises from insufficient input filtering and is exploitab...

6.1CVSS6AI score0.01421EPSS
Exploits2References6Affected Software1
CNVD
CNVD
added 2019/08/28 12:0 a.m.6 views

Spoon Library Code Injection Vulnerability

Fork CMS is an open source content management system CMS developed in PHP. The system contains blogs , questions and answers , forms and other modules . Spoon Library is used in which a PHP library for building kickass Web applications . A code injection vulnerability exists in Spoon Library...

9.8CVSS7.6AI score0.02482EPSS
Exploits0References1
NVD
NVD
added 2019/08/26 1:15 p.m.14 views

CVE-2019-15521

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

9.8CVSS9.6AI score0.02482EPSS
Exploits0References3
OSV
OSV
added 2019/08/26 1:15 p.m.21 views

CVE-2019-15521

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

9.8CVSS7.5AI score
Exploits0References3
Prion
Prion
added 2019/08/26 1:15 p.m.16 views

Code injection

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

7.5CVSS9.5AI score0.02482EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2019/08/26 12:11 p.m.15 views

CVE-2019-15521

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

9.7AI score0.02482EPSS
Exploits0References3
CNVD
CNVD
added 2019/01/10 12:0 a.m.5 views

Fork CMS Cross-Site Scripting Vulnerability (CNVD-2019-01096)

Fork CMS is an open source content management system CMS developed using PHP. The system contains blogs , questions and answers , forms and other modules . A cross-site scripting vulnerability exists in the private/en/settings page in Fork CMS version 5.0.6. A remote attacker can exploit this...

5.4CVSS6.1AI score0.00556EPSS
Exploits1References1
NVD
NVD
added 2019/01/09 11:29 p.m.22 views

CVE-2018-20682

Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...

5.4CVSS5.2AI score0.00556EPSS
Exploits1References1
OSV
OSV
added 2019/01/09 11:29 p.m.12 views

CVE-2018-20682

Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...

5.4CVSS5.5AI score
Exploits0References1
Prion
Prion
added 2019/01/09 11:29 p.m.13 views

Design/Logic Flaw

Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...

3.5CVSS5.1AI score0.00556EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/01/09 11:0 p.m.19 views

CVE-2018-20682

Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...

5.2AI score0.00556EPSS
Exploits1References1
CVE
CVE
added 2019/01/09 11:0 p.m.49 views

CVE-2018-20682

Fork CMS 5.0.6 is affected by a stored XSS in the private/en/settings facebook_admin_ids input (Admin ids). The root cause is unsanitized/unencoded input rendered to users, enabling arbitrary script execution in stored form. Exploitation status is not detailed in the provided documents. Multiple ...

5.4CVSS5.1AI score0.00556EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/10/02 6:29 p.m.35 views

CVE-2018-17595

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...

6.1CVSS6.4AI score0.01009EPSS
Exploits2References1
OSV
OSV
added 2018/10/02 6:29 p.m.27 views

CVE-2018-17595

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...

6.1CVSS6.3AI score0.01009EPSS
Exploits2References1
Rows per page
Query Builder