Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Fork_cms
(Fork\-Cms)| Repositories | https://github.com/forkcms/forkcms |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-07 | CVE-2021-28931 | Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel. | Fork_cms | 8.8 | ||
| 2021-10-22 | CVE-2020-23049 | Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML. | Fork_cms | 5.4 | ||
| 2022-03-24 | CVE-2022-0145 | Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | Fork_cms | 5.4 | ||
| 2022-03-24 | CVE-2022-0153 | SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. | Fork_cms | 7.5 | ||
| 2022-03-25 | CVE-2022-1064 | SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | Fork_cms | 8.8 | ||
| 2022-08-12 | CVE-2022-35585 | A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter | Fork_cms | 4.8 | ||
| 2022-08-12 | CVE-2022-35589 | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. | Fork_cms | 4.8 | ||
| 2022-08-12 | CVE-2022-35587 | A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter | Fork_cms | 4.8 | ||
| 2022-08-12 | CVE-2022-35590 | A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter | Fork_cms | 4.8 | ||
| 2020-02-08 | CVE-2014-9470 | Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | Fork_cms | N/A |