Published: 26/09/2012 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS prior to 3.2.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.

Vulnerable Product	Search on Vulmon	Subscribe to Product
fork-cms fork cms

Fork CMS version 325 suffers from multiple cross site scripting vulnerabilities ...

source: wwwsecurityfocuscom/bid/52236/info Fork CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the cont ...

source: wwwsecurityfocuscom/bid/52236/info Fork CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the co ...

CWE-79 https://github.com/forkcms/forkcms/commit/995220182068518e89019a265d113518f6566407 http://archives.neohapsis.com/archives/bugtraq/2012-03/0022.html https://github.com/forkcms/forkcms/commit/1269fe8b3813c7b7d5552a2b88bc2e7bd4d0c1f9 https://www.htbridge.ch/advisory/HTB23075 http://www.securityfocus.com/bid/52236 http://secunia.com/advisories/48183 http://www.osvdb.org/79692 http://www.fork-cms.com/blog/detail/fork-cms-3-2-7-released https://exchange.xforce.ibmcloud.com/vulnerabilities/73605 https://nvd.nist.gov https://packetstormsecurity.com/files/110537/Fork-CMS-3.2.5-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/36893/

CVE-2012-1188

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect