Forkcms/forkcms

This hub aggregates every CVE we track for Forkcms/forkcms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Forkcms/forkcms.

• CVE-2022-35585A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter4.8Aug 12, 2022
• CVE-2022-35587A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter4.8Aug 12, 2022
• CVE-2022-35589A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.4.8Aug 12, 2022
• CVE-2022-35590A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter4.8Aug 12, 2022
• CVE-2022-1064SQL injection through marking blog comments on bulk as spam in forkcms/forkcms8.8Mar 25, 2022
• CVE-2022-0153SQL Injection in forkcms/forkcms7.5Mar 24, 2022
• CVE-2022-0145Cross-site Scripting (XSS) - Stored in forkcms/forkcms5.4Mar 24, 2022
• CVE-2020-23049Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This ...5.4Oct 22, 2021
• CVE-2021-28931Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.8.8Jul 7, 2021
• CVE-2020-23264Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.8.8May 6, 2021
• CVE-2020-23263Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in...6.1May 6, 2021
• CVE-2020-23960Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass...8.8Jan 11, 2021
• CVE-2020-13633Fork before 5.8.3 allows XSS via navigation_title or title.6.1May 27, 2020
• CVE-2018-20682Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).5.4Jan 9, 2019
• CVE-2018-5215Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.5.4Jan 4, 2018