Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fork-cms fork cms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-0153
SQL Injection in GitHub repository forkcms/forkcms before 5.11.1.
Fork-cms Fork Cms
312
VMScore
CVE-2020-23049
Fork CMS Content Management System v5.8.0 exists to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows malicious users to execute arbitrary web scripts or HTML.
Fork-cms Fork Cms 5.8.0
578
VMScore
CVE-2021-28931
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows malicious users to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
Fork-cms Fork Cms 5.9.2
312
VMScore
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
Fork-cms Fork Cms 5.0.6
NA
CVE-2022-35587
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote malicious users to inject JavaScript via the "publish_on_date" Parameter
Fork-cms Fork Cms 5.9.3
NA
CVE-2022-35590
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote malicious users to inject JavaScript via the "end_date" Parameter
Fork-cms Fork Cms 5.9.3
312
VMScore
CVE-2018-5215
Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.
Fork-cms Fork Cms 5.0.7
383
VMScore
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote malicious users to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
Fork-cms Fork Cms 5.8.2
445
VMScore
CVE-2012-1207
Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allows remote malicious users to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.
Fork-cms Fork Cms 3.2.4
440
VMScore
CVE-2012-1208
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error paramete...
Fork-cms Fork Cms 3.2.4
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »