Fork CMS Cross-Site Scripting Vulnerability (CNVD-2020-31119)
Fork CMS is an open source content management system (CMS) developed using PHP. The system contains blogs, questions and answers, forms and other modules. A cross-site scripting vulnerability exists in Fork versions prior to 5.8.3. The vulnerability stems from the lack of proper validation of...
CVE-2020-13633
Fork before 5.8.3 allows XSS via navigation_title or title...
Design/Logic Flaw
Fork before 5.8.3 allows XSS via navigation_title or title...
CVE-2020-13633
Fork CMS prior to version 5.8.3 is vulnerable to cross-site scripting (XSS) due to insufficient escaping of user-supplied values in navigation_title and pageTitle (createHtml()). The vulnerability allows injection of malicious scripts through these fields, with the impact described as XSS in mult...
Security Bulletin: Multiple vulnerabilities have been identified in OpenSSL, a product which ships with IBM Tivoli Network Manager
Summary OpenSSL is shipped with IBM Tivoli Network Manager version 3.9 Fix Pack 4 and Fix Pack 5. Information about a security vulnerability affecting OpenSSL is published here. Vulnerability Details CVEID: CVE-2019-1547 DESCRIPTION: OpenSSL could allow a local authenticated attacker to obtain...
glibc security, bug fix, and enhancement update
2.28-101.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...
openssl: information disclosure in fork()
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A...
Moderate: Red Hat Security Advisory: openssl security and bug fix update
An update for openssl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
Title: Fork CMS 5.8.0 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.fork-cms.com/download Software Link: https://github.com/forkcms/forkcms/pull/3073 CVE: N/A Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web...
Fork CMS 5.8.0 Script Insertion
Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2208 ID 3073: https://github.com/forkcms/forkcms/pull/3073 Release Date: ============= 2020-04-17 Vulnerability...
Fork CMS v5.8.0 - Multiple Persistent Web Vulnerabilities
Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2208 ID 3073: https://github.com/forkcms/forkcms/pull/3073 Release Date: ============= 2020-04-16 Vulnerability...
Security Bulletin: OpenSSL publicly disclosed vulnerability
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerabilities by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a padding oracle attack in...
[SECURITY] Fedora 31 Update: libasr-1.0.4-1.fc31
Libasr allows to run DNS queries and perform hostname resolutions in a fully asynchronous fashion. The implementation is thread-less, fork-less, and does not make use of signals or other "tricks" that might get in the developer's way. The API was initially developed for the OpenBSD operating...
CVE-2014-9470
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search...
CVE-2014-9470
Fork CMS prior to 3.8.4 is affected by a cross-site scripting (XSS) vulnerability in the loadForm() function (Frontend/Modules/Search/Actions/Index.php) where the q_widget parameter to /en/search can inject arbitrary script/HTML. The issue arises from insufficient input filtering and is exploitab...