Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fork_cms
(Fork\-Cms)| Repositories | https://github.com/forkcms/forkcms |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-12 | CVE-2022-35585 | A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter | Fork_cms | 4.8 | ||
| 2022-08-12 | CVE-2022-35589 | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. | Fork_cms | 4.8 | ||
| 2022-08-12 | CVE-2022-35587 | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter | Fork_cms | 4.8 | ||
| 2022-08-12 | CVE-2022-35590 | A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter | Fork_cms | 4.8 | ||
| 2020-02-08 | CVE-2014-9470 | Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | Fork_cms | N/A | ||
| 2019-08-26 | CVE-2019-15521 | Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object. | Fork_cms, Spoon_library | 9.8 | ||
| 2018-01-04 | CVE-2018-5215 | Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | Fork_cms | 5.4 | ||
| 2019-01-09 | CVE-2018-20682 | Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | Fork_cms | 5.4 | ||
| 2018-10-02 | CVE-2018-17595 | In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | Fork_cms | 6.1 | ||
| 2015-02-06 | CVE-2015-1467 | Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index. | Fork_cms | N/A |