CVEDB API

Vulnerabilities

Vulnerable Software

Fork-Cms: >> Fork Cms Security Vulnerabilities

CVE-2012-1188

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.

CVSS Score

4.3

EPSS Score

0.138

Published

2012-09-26

CVE-2012-5164

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.

CVSS Score

4.3

EPSS Score

0.004

Published

2012-09-26

CVE-2012-1207

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.

CVSS Score

5.0

EPSS Score

0.002

Published

2012-02-24

CVE-2012-1208

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.

CVSS Score

4.3

EPSS Score

0.08

Published

2012-02-24

CVE-2012-1209

Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

CVSS Score

4.3

EPSS Score

0.003

Published

2012-02-24

Page 3

Vulnerabilities

Vulnerable Software

Fork-Cms: >> Fork Cms Security Vulnerabilities

Products

Pricing

Contact Us