fork-cms

Top products

The 15 most recently published vulnerabilities affecting fork-cms.

• CVE-2022-35585A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter4.8Aug 12, 2022
• CVE-2022-35587A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter4.8Aug 12, 2022
• CVE-2022-35589A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.4.8Aug 12, 2022
• CVE-2022-35590A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter4.8Aug 12, 2022
• CVE-2022-1064SQL injection through marking blog comments on bulk as spam in forkcms/forkcms8.8Mar 25, 2022
• CVE-2022-0153SQL Injection in forkcms/forkcms7.5Mar 24, 2022
• CVE-2022-0145Cross-site Scripting (XSS) - Stored in forkcms/forkcms5.4Mar 24, 2022
• CVE-2020-23049Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This ...5.4Oct 22, 2021
• CVE-2021-28931Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.8.8Jul 7, 2021
• CVE-2020-23264Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.8.8May 6, 2021
• CVE-2020-23263Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in...6.1May 6, 2021
• CVE-2020-24036PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.8.8Mar 4, 2021
• CVE-2020-23960Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass...8.8Jan 11, 2021
• CVE-2020-13633Fork before 5.8.3 allows XSS via navigation_title or title.6.1May 27, 2020
• CVE-2014-9470Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTM...6.1Feb 8, 2020