EPSS
Percentile
26.4%
Fork CMS is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim’s browser to steal session cookies or perform unwanted actions on behalf of the user via /backend/ajax.
/backend/ajax
packetstormsecurity.com/files/149596/CVE-2018-17595.txt
packetstormsecurity.com/files/149606/forcms540-xss.txt