Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fork-cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote malicious users to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
Fork-cms Fork Cms 5.8.2
6.5
CVSSv2
CVE-2020-24036
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
Fork-cms Fork Cms
6.8
CVSSv2
CVE-2020-23960
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork prior to 5.8.3 allows remote malicious users to perform unauthorized actions as administrator to (1) approve the mass of the user's comments, (2) restoring a deleted user, (3) installing ...
Fork-cms Fork Cms
4.3
CVSSv2
CVE-2020-13633
Fork prior to 5.8.3 allows XSS via navigation_title or title.
Fork-cms Fork Cms
4.3
CVSSv2
CVE-2014-9470
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS prior to 3.8.4 allows remote malicious users to inject arbitrary web script or HTML via the q_widget parameter to en/search.
Fork-cms Fork Cms
7.5
CVSSv2
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS prior to 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
Spoon-library Spoon Library
Fork-cms Fork Cms
3.5
CVSSv2
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
Fork-cms Fork Cms 5.0.6
4.3
CVSSv2
CVE-2018-17595
In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
Fork-cms Fork Cms 5.4.0
3.5
CVSSv2
CVE-2018-5215
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
Fork-cms Fork Cms 5.0.7
7.5
CVSSv2
CVE-2015-1467
Multiple SQL injection vulnerabilities in Translations in Fork CMS prior to 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
Fork-cms Fork Cms
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »