CVE-2022-35587

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...

Cross-Site Scripting (XSS)

forkcms/forkcms is vulnerable to cross-site scripting. The vulnerability exists in the defineForkConstants function in Kernel.php because the spoon library charset is not handled properly, which allows an attacker to inject and execute arbitrary javascript via the publishondate parameter...

ForkCMS XSS via `publish_on_date` parameter

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the publishondate Parameter. This issue was patched in version 5.11.0...

CVE-2022-35587

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...

CVE-2022-35587

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...

Cross site scripting

A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter...

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter 🕵️‍♂️ Proof of Concept Vulnerable parameter: publishondate XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2-...