CVE-2022-35590

A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter...

CVE-2020-24036

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...

EUVD-2020-16772

Malware in sbrugna...

EUVD-2022-1519

Malicious code in bioql PyPI...

EUVD-2022-1514

Malicious code in bioql PyPI...

EUVD-2022-6600

Malicious code in bioql PyPI...

EUVD-2022-6523

Malicious code in bioql PyPI...

EUVD-2022-1536

Malicious code in bioql PyPI...

CVE-2022-35585

A stored cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" Parameter...

CVE-2022-0145

Cross-site Scripting XSS - Stored in GitHub repository forkcms/forkcms prior to 5.11.1...

CVE-2022-1064

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1...

CVE-2022-0153

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1...

Cross-site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting attacks. The vulnerability exists because the SpoonLibrary does not properly handle uppercase characters, which allows remote authenticated attackers to inject and execute malicious javascript via the publishontime Parameter...

Cross-Site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists due to lack of sanitization of enddate parameter which allows a remote attacker to inject and execute malicious javascript into the system...

Cross-Site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists in the defineForkConstants function in Kernel.php because the spoon library charset is not handled properly, which allows an attacker to inject and execute arbitrary javascript via the publishondate parameter...

GHSA-Q4QV-3X58-RXMH ForkCMS XSS via `publish_on_time` parameter

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the publishontime Parameter. This issue was patched in version 5.11.0...

GHSA-65WF-QM95-6MHM ForkCMS XSS via `publish_on_date` parameter

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the publishondate Parameter. This issue was patched in version 5.11.0...

ForkCMS stored XSS via `start_date` parameter

A stored cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the startdate Parameter. This issue was patched in version 5.11.0...

GHSA-PW4J-R69M-RRR5 ForkCMS XSS via `end_date` parameter

A cross-site scripting XSS issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the enddate Parameter. This issue was patched in version 5.11.0...

ForkCMS XSS via `publish_on_date` parameter

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the publishondate Parameter. This issue was patched in version 5.11.0...