Filtered by vendor Fork-cms
Subscribe
Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23049 | 1 Fork-cms | 1 Fork Cms | 2021-10-28 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-23263 | 1 Fork-cms | 1 Fork Cms | 2021-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add. | |||||
| CVE-2020-13633 | 1 Fork-cms | 1 Fork Cms | 2020-05-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fork before 5.8.3 allows XSS via navigation_title or title. | |||||
| CVE-2014-9470 | 1 Fork-cms | 1 Fork Cms | 2020-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. | |||||
| CVE-2018-20682 | 1 Fork-cms | 1 Fork Cms | 2019-01-23 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section). | |||||
| CVE-2018-17595 | 1 Fork-cms | 1 Fork Cms | 2018-11-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI. | |||||
| CVE-2018-5215 | 1 Fork-cms | 1 Fork Cms | 2018-01-16 | 3.5 LOW | 5.4 MEDIUM |
| Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | |||||