103 matches found
CVE-2022-35590
A cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" parameter...
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...
EUVD-2020-16772
Malware in sbrugna...
EUVD-2022-1519
Malicious code in bioql PyPI...
EUVD-2022-1514
Malicious code in bioql PyPI...
EUVD-2022-6600
Malicious code in bioql PyPI...
EUVD-2022-6523
Malicious code in bioql PyPI...
EUVD-2022-1536
Malicious code in bioql PyPI...
CVE-2022-35585
A stored cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" parameter...
CVE-2022-0145
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-1064
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...
CVE-2022-0153
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1...
Cross-site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting attacks. The vulnerability exists because the Spoon library does not properly handle uppercase characters, which allows remote authenticated attackers to inject and execute malicious JavaScript via the `publish_on_time` parameter...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the `end_date` parameter, which allows a remote attacker to inject and execute malicious JavaScript into the system...
Cross-Site Scripting (XSS)
forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists in the defineForkConstants function in Kernel.php because the Spoon library charset is not handled properly, which allows an attacker to inject and execute arbitrary JavaScript via the `publish_on_date` parameter...
GHSA-Q4QV-3X58-RXMH ForkCMS XSS via `publish_on_time` parameter
A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_time` parameter. This issue was patched in version 5.11.0...
GHSA-65WF-QM95-6MHM ForkCMS XSS via `publish_on_date` parameter
A cross-site scripting (XSS) issue in Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_date` parameter. This issue was patched in version 5.11.0...
GHSA-PW4J-R69M-RRR5 ForkCMS XSS via `end_date` parameter
A cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `end_date` parameter. This issue was patched in version 5.11.0...
ForkCMS stored XSS via `start_date` parameter
A stored cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `start_date` parameter. This issue was patched in version 5.11.0...
GHSA-9HMC-87H4-W869 ForkCMS stored XSS via `start_date` parameter
A stored cross-site scripting (XSS) issue in ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the `start_date` parameter. This issue was patched in version 5.11.0...