CVE-2018-5215

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.

CVE-2018-17595

In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.