Fork CMS Cross-site Scripting Vulnerability
Fork before 5.8.3 allows XSS via navigationtitle or title...
GHSA-74GC-HF33-5353 Fork CMS Cross-site Scripting Vulnerability
Fork before 5.8.3 allows XSS via navigationtitle or title...
Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
GHSA-2P2X-MW56-JC98 Spoon Library as used in Fork CMS allows PHP object injection
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...
GHSA-X377-F64P-HF5J PyCrypto does not properly reseed PRNG before allowing access
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a...
Fork CMS Multiple XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index...
GHSA-J5FJ-M342-MGCM Fork CMS Multiple XSS Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index...
GHSA-V3FG-X8JW-M974 Fork CMS XSS via Highlight Parameter
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
Fork CMS XSS via Highlight Parameter
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...
GHSA-8FJQ-CPR7-CMFP Fork CMS XSS Vulnerability
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter...
Fork CMS XSS Vulnerability
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter...
Fork CMS XSS Vulnerability
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter (aka "Admin ids" input in the Facebook section)...
GHSA-XCMJ-XJHG-WVHQ Fork CMS XSS Vulnerability
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebookadminids parameter (aka "Admin ids" input in the Facebook section)...
Missing permission checks in Jenkins Distributed Fork Plugin
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...
GHSA-2CM5-F78C-H2C8 Missing permission checks in Jenkins Distributed Fork Plugin
It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provides the dist-fork CLI command beyond the basic check for Overall/Read permission, allowing anyone with that permission to run arbitrary shell commands on all...
OESA-2022-1636 nekohtml security update
NekoHTML is a simple HTML scanner and tag balancer that enables application programmers to parse HTML documents and access the information using standard XML interfaces. Security Fixes: org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem...
SUSE-SU-2022:1560-1 Security update for libwmf
This update for libwmf fixes the following issues: libwmf was updated to 0.2.12: upstream changed to fork from Fedora: https://github.com/caolanm/libwmf; merged all the pending fixes; merge in fixes for libgd CVE-2019-6978 (bsc#1123522); fixed memory allocation failure (CVE-2016-9011); Fixes for %libexecd...
SUSE SLES12 Security Update : git (SUSE-SU-2022:1306-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:1306-1 advisory. - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, whe...
CVE-2022-24765
Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:\.git, which would be picked up by Git operation...