Vulnerabilities > Fork CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-12 | CVE-2022-35585 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter | 4.8 |
| 2022-08-12 | CVE-2022-35587 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter | 4.8 |
| 2022-08-12 | CVE-2022-35589 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. | 4.8 |
| 2022-08-12 | CVE-2022-35590 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter | 4.8 |
| 2022-03-24 | CVE-2022-0145 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. | 5.4 |
| 2021-10-22 | CVE-2020-23049 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.8.0 Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. | 5.4 |
| 2021-05-06 | CVE-2020-23263 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.8.2 Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add. | 6.1 |
| 2020-05-27 | CVE-2020-13633 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS Fork before 5.8.3 allows XSS via navigation_title or title. | 6.1 |
| 2020-02-08 | CVE-2014-9470 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | 6.1 |
| 2019-01-09 | CVE-2018-20682 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.0.6 Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | 5.4 |