forkcms/forkcms is vulnerable to cross-site scripting (XSS) attacks. The library doesn't properly escape user-supplied data values such as `navigation_title` and `pageTitle` in the function `createHtml()`, allowing a malicious user to inject and execute malicious web script.
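
The unescaped-output pattern described above, next to its escaped form, as an added example that is not Fork CMS code. The functions `renderItemUnsafe()`, `renderItemSafe()`, `e()` and `titlesInjectMarkup()` and the markup they emit are hypothetical; only the field names `navigation_title` and `pageTitle` come from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical page-tree renderer, NOT Fork CMS's createHtml().
// Vulnerable pattern: user-controlled fields are concatenated as-is.
function renderItemUnsafe(array $page): string
{
    return '<li id="page-' . (int) $page['id'] . '">'
        . '<a href="#" title="' . $page['pageTitle'] . '">'
        . $page['navigation_title'] . '</a></li>';
}

// Escapes for element text and for quoted attribute values alike.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every user-supplied value is escaped at output time.
function renderItemSafe(array $page): string
{
    return '<li id="page-' . (int) $page['id'] . '">'
        . '<a href="#" title="' . e($page['pageTitle']) . '">'
        . e($page['navigation_title']) . '</a></li>';
}

// Regression check: parse the output and report whether the titles
// introduced an element or attribute the template did not write.
function titlesInjectMarkup(string $html): bool
{
    $dom = new DOMDocument();
    $dom->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $link = $dom->getElementsByTagName('a')->item(0);
    return $dom->getElementsByTagName('b')->length > 0
        || $link === null
        || $link->hasAttribute('data-x');
}

// Constructed sample input: inert markup and a quote character in the titles.
$page = [
    'id' => 7,
    'navigation_title' => 'News <b>bold</b>',
    'pageTitle' => 'About" data-x="1',
];

var_dump(titlesInjectMarkup(renderItemUnsafe($page)));
var_dump(titlesInjectMarkup(renderItemSafe($page)));
```

`ENT_QUOTES` matters for the `title` attribute: without it a quote character in `pageTitle` can still close the attribute even when `<` and `>` are escaped.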

| CPE | Name | Operator | Version |
|---|---|---|---|
| | forkcms/forkcms | le | 5.8.2 |