Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fork-cms fork cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-13633
Fork prior to 5.8.3 allows XSS via navigation_title or title.
Fork-cms Fork Cms
5
CVSSv2
CVE-2012-1207
Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.
Fork-cms Fork Cms 3.2.4
4.3
CVSSv2
CVE-2012-1208
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error paramete...
Fork-cms Fork Cms 3.2.4
2 EDB exploits
4.3
CVSSv2
CVE-2012-1209
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allows remote malicious users to inject arbitrary web script or HTML via the highlight parameter.
Fork-cms Fork Cms 3.2.4
3.5
CVSSv2
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
Fork-cms Fork Cms 5.0.6
NA
CVE-2022-35585
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote malicious users to inject JavaScript via the "start_date" Parameter
Fork-cms Fork Cms 5.9.3
NA
CVE-2022-35587
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote malicious users to inject JavaScript via the "publish_on_date" Parameter
Fork-cms Fork Cms 5.9.3
NA
CVE-2022-35589
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote malicious users to inject JavaScript via the "publish_on_time" Parameter.
Fork-cms Fork Cms 5.9.3
NA
CVE-2022-35590
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote malicious users to inject JavaScript via the "end_date" Parameter
Fork-cms Fork Cms 5.9.3
3.5
CVSSv2
CVE-2020-23049
Fork CMS Content Management System v5.8.0 exists to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows malicious users to execute arbitrary web scripts or HTML.
Fork-cms Fork Cms 5.8.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »