Lucene search
Fork CMS

25 matches found

CVE
added 2022/03/24 5:5 p.m. | 115 views

CVE-2022-0153

Fork CMS contains a SQL injection vulnerability in versions prior to 5.11.1. The issue occurs when deleting submissions that belong to a form created with the FormBuilder module, where the id[] parameter is vulnerable to SQL injection. The CVE-2022-0153 entry is corroborated by multiple sources (...

CVSS 9.6 | AI score 8 | EPSS 0.01111

CVE
added 2022/03/25 11:35 a.m. | 114 views

CVE-2022-1064

Fork CMS (forkcms/forkcms) is affected by SQL injection in versions prior to 5.11.1, via the ids parameter in blog comments where bulk marking as spam enables injection. The root cause is lack of validation of externally entered SQL statements in that parameter. Consequences stated include potent...

CVSS 9 | AI score 9.1 | EPSS 0.01134

CVE
added 2020/02/08 4:3 p.m. | 104 views

CVE-2014-9470

Fork CMS prior to 3.8.4 is affected by a cross-site scripting (XSS) vulnerability in the loadForm() function (Frontend/Modules/Search/Actions/Index.php) where the q_widget parameter to /en/search can inject arbitrary script/HTML. The issue arises from insufficient input filtering and is exploitab...

CVSS 6.1 | AI score 6 | EPSS 0.01421
Web

CVE
added 2022/03/24 10:35 a.m. | 97 views

CVE-2022-0145

Fork CMS (forkcms/forkcms) prior to version 5.11.1 is affected by a stored XSS vulnerability. The flaw allows an attacker to inject and have JavaScript execute when a new module is uploaded, via the module description field, with exploitation tied to viewing the Details page after upload. Impact ...

CVSS 6.8 | AI score 5.3 | EPSS 0.00671

CVE
added 2022/08/12 3:49 p.m. | 93 views

CVE-2022-35590

ForkCMS 5.9.3 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject JavaScript via the end_date parameter due to insufficient input sanitization. This affects ForkCMS and is documented across multiple sources (including Red Hat and Veracode references). The is...

CVSS 4.8 | AI score 4.8 | EPSS 0.00631

CVE
added 2022/08/12 3:55 p.m. | 92 views

CVE-2022-35585

ForkCMS 5.9.3 is affected by a stored XSS via the start_date parameter. The vulnerability allows remote attackers to inject JavaScript, with exploit noted as requiring user interaction and a network-focused attack surface. A fix is available in ForkCMS 5.11.0, per multiple connected sources (e.g....

CVSS 4.8 | AI score 4.8 | EPSS 0.00673

CVE
added 2022/08/12 3:54 p.m. | 91 views

CVE-2022-35587

Summary: ForkCMS 5.9.3 is affected by a cross-site scripting (XSS) flaw that allows remote injection of JavaScript via the publish_on_date parameter. The issue is described across multiple sources and is attributed to the handling of the spoon library charset in Kernel.php (defineForkConstants). ...

CVSS 4.8 | AI score 4.8 | EPSS 0.00673

CVE
added 2022/08/12 3:51 p.m. | 82 views

CVE-2022-35589

Summary: CVE-2022-35589 is a cross-site scripting (XSS) vulnerability in ForkCMS v5.9.3 that allows remote attackers to inject JavaScript via the publish_on_time parameter. The issue has several public entries (NVD, Red Hat, Veracode, GHSA) describing the same vector and confirm the vulnerable co...

CVSS 4.8 | AI score 4.8 | EPSS 0.00639

CVE
added 2021/05/06 9:42 p.m. | 77 views

CVE-2020-23263

Fork CMS 5.8.2 is affected by a persistent cross-site scripting (XSS) vulnerability (CVE-2020-23263). Attack vector: remote, via user-supplied data in navigation_title and title parameters on /private/en/pages/add. Impact described as injection of arbitrary JavaScript code; authenticated/unauthen...

CVSS 6.1 | AI score 6.2 | EPSS 0.00844
Web

CVE
added 2021/03/04 12:28 p.m. | 71 views

CVE-2020-24036

ForkCMS prior to version 5.8.3 is affected by PHP object injection via the backend Ajax endpoint. The vulnerability allows an authenticated remote user to inject PHP objects through unserialize calls in the Ajax handlers, enabling remote code execution. The issue is specific to ForkCMS’s backend ...

CVSS 8.8 | AI score 8.8 | EPSS 0.02935

CVE
added 2021/05/06 9:46 p.m. | 70 views

CVE-2020-23264

CVE-2020-23264 is a CSRF vulnerability in the Fork-CMS platform, affecting versions before 5.8.2. The issue allows remote attackers to hijack the authentication of logged-in administrators. The provided documents specify the vulnerability but do not include a concrete root-cause analysis or expl...

CVSS 8.8 | AI score 8.9 | EPSS 0.00629

CVE
added 2021/01/11 3:54 p.m. | 68 views

CVE-2020-23960

CVE-2020-23960 is documented across multiple connected records as a set of multiple CSRF vulnerabilities in the ForkCMS Admin Console prior to version 5.8.3. The issues allow remote attackers to perform unauthorized administrator actions such as approving large user comment queues, restoring dele...

CVSS 8.8 | AI score 8.8 | EPSS 0.00676

CVE
added 2021/10/22 7:20 p.m. | 67 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 is affected by a cross-site scripting (XSS) vulnerability in the Displayname field when using Add, Edit, or Register. The root cause is improper encoding/input handling of the Displayname field, enabling attackers to inject and execute arbitrary web scrip...

CVSS 5.4 | AI score 5.3 | EPSS 0.00576

CVE
added 2021/07/07 2:1 p.m. | 65 views

CVE-2021-28931

Fork CMS 5.9.2 has an arbitrary file upload vulnerability that lets an attacker create or replace arbitrary files in the /themes directory by uploading a crafted ZIP via the Themes panel. CVSS metrics indicate a high impact (CVSS-3.1 base score 8.8, high confidentiality/integrity/availability i...

CVSS 8.8 | AI score 8.5 | EPSS 0.0121

CVE
added 2012/09/26 12:0 a.m. | 63 views

CVE-2012-1188

CVE-2012-1188 covers multiple XSS vulnerabilities in Fork CMS before 3.2.7. The flaws allow remote attackers to inject arbitrary HTML/JS via: (1) type and (2) querystring parameters to /private/en/error, and (3) name parameter to /private/en/locale/index. The issue affects Fork CMS versions up to...

CVSS 4.3 | AI score 5.7 | EPSS 0.04458
Web

CVE
added 2015/02/06 3:0 p.m. | 57 views

CVE-2015-1467

Fork CMS is affected by SQL injection in the Translations feature prior to version 3.8.6. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the language[] and type[] parameters sent to private/en/locale/index. The issue is triggered when an authenticated us...

CVSS 7.5 | AI score 8.1 | EPSS 0.02395
Web

CVE
added 2012/02/20 7:0 p.m. | 55 views

CVE-2012-1207

Summary (CVE-2012-1207): The vulnerable Fork CMS component is frontend/core/engine/javascript.php; a directory traversal flaw allows remote attackers to read files via a “..” in the module parameter to frontend/js.php. Affected: Fork CMS 3.2.4 and possibly earlier versions before 3.2.5. Impact ...

CVSS 5 | AI score 6.8 | EPSS 0.01877
Web

CVE
added 2018/01/04 7:0 p.m. | 53 views

CVE-2018-5215

Fork CMS 5.0.7 is affected by an XSS vulnerability in the title parameter of the /private/en/pages/edit endpoint. The root cause is a cross-site scripting flaw that allows injection via the title field, as documented across multiple sources (CVE-2018-5215 and related advisories). Exploitation det...

CVSS 5.4 | AI score 5.2 | EPSS 0.00537
Web

CVE
added 2012/02/20 7:0 p.m. | 52 views

CVE-2012-1209

CVE-2012-1209 describes a cross-site scripting (XSS) vulnerability in Fork CMS. The issue is in the backend/core/engine/base.php file for Fork CMS versions around 3.2.4 and possibly earlier than 3.2.5, where an attacker could inject arbitrary web script or HTML via the highlight parameter. The vu...

CVSS 4.3 | AI score 5.9 | EPSS 0.01226
Web

CVE
added 2012/02/20 7:0 p.m. | 50 views

CVE-2012-1208

Fork CMS 3.2.4 (and possibly earlier versions) is affected by multiple XSS vulnerabilities in backend/core/engine/base.php that allow remote attackers to inject arbitrary script via the blog/settings report parameter or users/index error parameter. The issue is addressed in Fork CMS 3.2.5 (per li...

CVSS 4.3 | AI score 6 | EPSS 0.04075
Web

CVE
added 2018/10/02 6:0 p.m. | 49 views

CVE-2018-17595

CVE-2018-17595 affects Fork CMS 5.4.0, where HTML Injection and Stored XSS are triggered through the /backend/ajax URI. The available connected sources confirm the vulnerability in the specified version and describe the attack class as HTML injection leading to stored XSS in Fork CMS’s backend AJ...

CVSS 6.1 | AI score 6.3 | EPSS 0.01009
Web

CVE
added 2019/01/09 11:0 p.m. | 48 views

CVE-2018-20682

Fork CMS 5.0.6 is affected by a stored XSS in the private/en/settings facebook_admin_ids input (Admin ids). The root cause is unsanitized/unencoded input rendered to users, enabling arbitrary script execution in stored form. Exploitation status is not detailed in the provided documents. Multiple ...

CVSS 5.4 | AI score 5.1 | EPSS 0.00556
Web

CVE
added 2019/08/26 12:11 p.m. | 48 views

CVE-2019-15521

CVE-2019-15521 affects Spoon Library up to 2014-02-06 as used in Fork CMS before 1.4.1 and other products. The vulnerability enables PHP object injection via a cookie containing a serialized object, allowing code execution under deserialization in spoon/cookie/cookie.php. Public sources (Red Hat,...

CVSS 9.8 | AI score 9.6 | EPSS 0.02482

CVE
added 2020/05/27 3:4 p.m. | 45 views

CVE-2020-13633

Fork CMS prior to version 5.8.3 is vulnerable to cross-site scripting (XSS) due to insufficient escaping of user-supplied values in navigation_title and pageTitle (createHtml()). The vulnerability allows injection of malicious scripts through these fields, with the impact described as XSS in mult...

CVSS 6.1 | AI score 5.9 | EPSS 0.00679

CVE
added 2012/09/26 12:0 a.m. | 40 views

CVE-2012-5164

Fork CMS before 3.2.7 is affected by multiple XSS vulnerabilities that allow remote injection of arbitrary scripts via the term parameter to frontend/modules/search/ajax/autocomplete.php, search/ajax/autosuggest.php, livesuggest.php, and save.php. Affects Fork CMS 3.x up to 3.2.7; CVSSv2 base sco...

CVSS 4.3 | AI score 5.9 | EPSS 0.0122
Web