Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fork cms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote malicious users to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
Fork-cms Fork Cms 5.8.2
440
VMScore
CVE-2012-1208
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error paramete...
Fork-cms Fork Cms 3.2.4
2 EDB exploits
383
VMScore
CVE-2012-1209
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions prior to 3.2.5 allows remote malicious users to inject arbitrary web script or HTML via the highlight parameter.
Fork-cms Fork Cms 3.2.4
312
VMScore
CVE-2018-20682
Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
Fork-cms Fork Cms 5.0.6
668
VMScore
CVE-2019-15521
Spoon Library through 2014-02-06, as used in Fork CMS prior to 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
Spoon-library Spoon Library
Fork-cms Fork Cms
NA
CVE-2012-1304
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
2 EDB exploits
NA
CVE-2012-1305
Fork CMS 3.2.5 - Multiple Vulnerabilities
1 EDB exploit
NA
CVE-2012-11881
Fork CMS version 3.2.5 suffers from multiple cross site scripting vulnerabilities.
449
VMScore
CVE-2019-1549
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in ...
Openssl Openssl
383
VMScore
CVE-2019-1563
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message th...
Openssl Openssl
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »