RSS   Podatności dla 'Fork cms'   RSS

2022-03-25
 
CVE-2022-1064

CWE-89
 
 
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.

 
2022-03-24
 
CVE-2022-0153

CWE-89
 
 
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.

 
 
CVE-2022-0145

CWE-79
 
 
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.

 
2021-10-22
 
CVE-2020-23049

CWE-79
 
 
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.

 
2021-07-07
 
CVE-2021-28931

CWE-434
 
 
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.

 
2021-05-06
 
CVE-2020-23263

CWE-79
 
 
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.

 
 
CVE-2020-23264

CWE-352
 
 
Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.

 
2020-05-27
 
CVE-2020-13633

CWE-79
 
 
Fork before 5.8.3 allows XSS via navigation_title or title.

 
2020-02-08
 
CVE-2014-9470

CWE-79
 
 
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.

 
2019-01-09
 
CVE-2018-20682

CWE-79
 
 
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).

 

Copyright 2024, cxsecurity.com

 

Back to Top