Fork Cms Security Vulnerabilities and Issues — Fork Cms CVE List

Lucene search

Fork-cmsFork Cms

6 matches found

CVE•added 2021/05/06 10:15 p.m.•65 views

CVE-2020-23263

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.

6.1CVSS6.2AI score0.00199EPSS

CVE•added 2021/05/06 10:15 p.m.•57 views

CVE-2020-23264

Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.

8.8CVSS8.9AI score0.00111EPSS

CVE•added 2021/03/04 1:15 p.m.•57 views

CVE-2020-24036

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.

8.8CVSS8.8AI score0.01279EPSS

CVE•added 2021/01/11 4:15 p.m.•53 views

CVE-2020-23960

Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing or running modules, (4) resettin...

8.8CVSS8.8AI score0.00205EPSS

CVE•added 2021/07/07 3:15 p.m.•50 views

CVE-2021-28931

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.

8.8CVSS8.5AI score0.00423EPSS

CVE•added 2021/10/22 8:15 p.m.•46 views

CVE-2020-23049

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

5.4CVSS5.3AI score0.00281EPSS