Vulnerabilities > Fork CMS

DATE CVE VULNERABILITY TITLE RISK
2022-08-12 CVE-2022-35585 Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter
network
low complexity
fork-cms CWE-79
4.8
4.8
2022-08-12 CVE-2022-35587 Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter
network
low complexity
fork-cms CWE-79
4.8
4.8
2022-08-12 CVE-2022-35589 Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.
network
low complexity
fork-cms CWE-79
4.8
4.8
2022-08-12 CVE-2022-35590 Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter
network
low complexity
fork-cms CWE-79
4.8
4.8
2022-03-25 CVE-2022-1064 SQL Injection vulnerability in Fork-Cms Fork CMS
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.
network
low complexity
fork-cms CWE-89
8.8
8.8
2022-03-24 CVE-2022-0153 SQL Injection vulnerability in Fork-Cms Fork CMS
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
network
low complexity
fork-cms CWE-89
7.5
7.5
2022-03-24 CVE-2022-0145 Cross-site Scripting vulnerability in Fork-Cms Fork CMS
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.
network
low complexity
fork-cms CWE-79
5.4
5.4
2021-10-22 CVE-2020-23049 Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.8.0
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions.
network
low complexity
fork-cms CWE-79
5.4
5.4
2021-07-07 CVE-2021-28931 Unrestricted Upload of File with Dangerous Type vulnerability in Fork-Cms Fork CMS 5.9.2
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
network
low complexity
fork-cms CWE-434
8.8
8.8
2021-05-06 CVE-2020-23263 Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.8.2
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
network
low complexity
fork-cms CWE-79
6.1
6.1