Vulnerabilities for Fork cms (...) - CXSECURITY.COM

Vulnerabilities for 'Fork cms'

2022-03-25

CVE-2022-1064

CWE-89

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.

2022-03-24

CVE-2022-0153

CWE-89

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.

CVE-2022-0145

CWE-79

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.

2021-10-22

CVE-2020-23049

CWE-79

Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

2021-07-07

CVE-2021-28931

CWE-434

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.

2021-05-06

CVE-2020-23263

CWE-79

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.

CVE-2020-23264

CWE-352

Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.

2020-05-27

CVE-2020-13633

CWE-79

Fork before 5.8.3 allows XSS via navigation_title or title.

2020-02-08

CVE-2014-9470

CWE-79

Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.

2019-01-09

CVE-2018-20682

CWE-79

Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).

Copyright 2024, cxsecurity.com