CVE-2012-1209

Cross-site scripting XSS vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

CVE-2012-1208

Multiple cross-site scripting XSS vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 report parameter to blog/settings or 2 error parameter to users/index...

CVE-2012-1207

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter to frontend/js.php...

Directory traversal

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter to frontend/js.php...

Cross site scripting

Cross-site scripting XSS vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

Fork CMS < 3.2.5 Multiple Vulnerabilities - Active Check

Fork CMS is prone to multiple cross-site scripting XSS vulnerabilities and a local file include LFI vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Fork CMS Cross Site Scripting and Local File Include Vulnerabilities

Fork CMS is prone to multiple cross-site scripting vulnerabilities and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication...

CVE-2012-1208

Multiple cross-site scripting XSS vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 report parameter to blog/settings or 2 error parameter to users/index...

CVE-2012-1209

Cross-site scripting XSS vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter...

CVE-2012-1207

Summary (CVE-2012-1207) : Fork CMS vulnerable component is in frontend/core/engine/javascript.php ; a directory traversal flaw allows remote attackers to read files via a “..” in the module parameter to frontend/js.php . Affected: Fork CMS 3.2.4 and possibly earlier versions before 3.2.5. Impact ...

CVE-2012-1209

CVE-2012-1209 describes a cross-site scripting (XSS) vulnerability in Fork CMS. The issue is in the backend/core/engine/base.php file for Fork CMS versions around 3.2.4 and possibly earlier than 3.2.5, where an attacker could inject arbitrary web script or HTML via the highlight parameter. The vu...

CVE-2012-1208

Fork CMS 3.2.4 (and possibly earlier versions) is affected by multiple XSS vulnerabilities in backend/core/engine/base.php that allow remote attackers to inject arbitrary script via the blog/settings report parameter or users/index error parameter. The issue is addressed in Fork CMS 3.2.5 (per li...

CVE-2012-1207

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. dot dot in the module parameter to frontend/js.php...

Fork CMS v. 3. 2. 4 multiple defects ( LFI - XSS )-a vulnerability warning-the black bar safety net

Title: Fork CMS v. 3. 2. 4 - Multiple Vulnerabilities Developers: http://www.fork-cms.com Author: RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Test platform: Windows XP & Vista The management panel of the reflection type cross-siteXSS Test: http://www.badguest.cn...

Fork CMS v.3.2.4 - Multiple Vulnerabilities ( LFI - XSS )

Exploit for php platform in category web applications Exploit Title: Fork CMS v.3.2.4 - Multiple Vulnerabilities Script Page : http://www.fork-cms.com Date: 11-02-2012 Author : RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Tested on: Windows XP & Vista Reflected Cross-Site...

Multiple XSS in Fork CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Fork CMS, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Fork CMS: CVE-2012-1188 1.1 Input passed via the "type" and "querystring" GET parameters to...

Fork CMS 3.2.4 Cross Site Scripting / Local File Inclusion

Exploit Title: Fork CMS v.3.2.4 - Multiple Vulnerabilities Script Page : http://www.fork-cms.com Date: 11-02-2012 Author : RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Tested on: Windows XP & Vista Reflected Cross-Site Scripting XSS on Admin Panel POC:...

Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting

Exploit Title: Fork CMS v.3.2.4 - Multiple Vulnerabilities Script Page : http://www.fork-cms.com Date: 11-02-2012 Author : RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Tested on: Windows XP & Vista Reflected Cross-Site Scripting XSS on Admin Panel POC:...

Fork CMS 3.2.4 - Local File Inclusion Cross-Site Scripting

Fork CMS 3.2.4 - Local File Inclusion Cross-Site Scripting Exploit Title: Fork CMS v.3.2.4 - Multiple Vulnerabilities Script Page : http://www.fork-cms.com Date: 11-02-2012 Author : RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Tested on: Windows XP & Vista Reflected...

Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities

Fork CMS 3.1.5 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/51045/info Fork CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An...