172 matches found
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
Title: Fork CMS 5.8.0 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.fork-cms.com/download Software Link: https://github.com/forkcms/forkcms/pull/3073 CVE: N/A Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web...
Fork CMS 5.8.0 Script Insertion
Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web Vulnerbilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2208 ID 3073: https://github.com/forkcms/forkcms/pull/3073 Release Date: ============= 2020-04-17 Vulnerability...
Fork CMS v5.8.0 - Multiple Persistent Web Vulnerbilities
Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web Vulnerbilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2208 ID 3073: https://github.com/forkcms/forkcms/pull/3073 Release Date: ============= 2020-04-16 Vulnerability...
CVE-2014-9470
Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...
Cross site scripting
Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...
CVE-2014-9470
Cross-site scripting XSS vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the qwidget parameter to en/search...
CVE-2014-9470
Fork CMS prior to 3.8.4 is affected by a cross-site scripting (XSS) vulnerability in the loadForm() function (Frontend/Modules/Search/Actions/Index.php) where the q_widget parameter to /en/search can inject arbitrary script/HTML. The issue arises from insufficient input filtering and is exploitab...
Spoon Library Code Injection Vulnerability
Fork CMS is an open source content management system CMS developed in PHP. The system contains blogs , questions and answers , forms and other modules . Spoon Library is used in which a PHP library for building kickass Web applications . A code injection vulnerability exists in Spoon Library...
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
Code injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
Fork CMS Cross-Site Scripting Vulnerability (CNVD-2019-01096)
Fork CMS is an open source content management system CMS developed using PHP. The system contains blogs , questions and answers , forms and other modules . A cross-site scripting vulnerability exists in the private/en/settings page in Fork CMS version 5.0.6. A remote attacker can exploit this...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
Design/Logic Flaw
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter aka "Admin ids" input in the Facebook section...
CVE-2018-20682
Fork CMS 5.0.6 is affected by a stored XSS in the private/en/settings facebook_admin_ids input (Admin ids). The root cause is unsanitized/unencoded input rendered to users, enabling arbitrary script execution in stored form. Exploitation status is not detailed in the provided documents. Multiple ...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI...