Shodan
Vulnerabilities
Vulnerable Software
Fork-Cms:  >> Fork Cms  Security Vulnerabilities
CVE-2022-35585
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter
CVSS Score
4.8
EPSS Score
0.001
Published
2022-08-12
CVE-2022-35587
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter
CVSS Score
4.8
EPSS Score
0.001
Published
2022-08-12
CVE-2022-35589
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.
CVSS Score
4.8
EPSS Score
0.0
Published
2022-08-12
CVE-2022-35590
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter
CVSS Score
4.8
EPSS Score
0.0
Published
2022-08-12
CVE-2022-1064
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.
CVSS Score
9.0
EPSS Score
0.003
Published
2022-03-25
CVE-2022-0153
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
CVSS Score
9.6
EPSS Score
0.003
Published
2022-03-24
CVE-2022-0145
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.
CVSS Score
6.8
EPSS Score
0.003
Published
2022-03-24
CVE-2020-23049
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-22
CVE-2021-28931
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-07-07
CVE-2020-23263
Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-05-06


Products
Pricing
Contact Us

Shodan ® - All rights reserved