Malicious Package

Overview @logistics-frontend/modules is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...

MAL-2022-394 Malicious code in @logistics-frontend/modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4cfb4ef58af701fde6a6535d9f669a870e7ef44606fb659eba4368fb835340a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Cross-Site Scripting (XSS)

forkcms has cross-site scripting XSS vulnerability. The vulnerability is possible because the value returned by the getAllComments function in Frontend/Modules/Blog/Engine/Model.php is not properly escaped, allowing a malicious user to inject and execute arbitrary web script...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to 1 autocomplete.php, 2 search/ajax/autosuggest.php, 3 livesuggest.php, or 4 save.php in frontend/modules/search/ajax...

CVE-2012-5164

Multiple cross-site scripting XSS vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to 1 autocomplete.php, 2 search/ajax/autosuggest.php, 3 livesuggest.php, or 4 save.php in frontend/modules/search/ajax...