Every CVE whose affected-product data names Fork-cms Fork Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2019-15521 — CVSS 9.8 (critical): Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing…
CVE-2022-1064 — CVSS 8.8 (high): SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.
CVE-2021-28931 — CVSS 8.8 (high): Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a…
CVE-2020-23264 — CVSS 8.8 (high): Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remote attackers to hijack the authentication of logged administrators.
CVE-2020-23960 — CVSS 8.8 (high): Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform…
CVE-2020-24036 — CVSS 8.8 (high): PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute…
CVE-2015-1467 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL…
CVE-2014-9470 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4…
CVE-2018-17595 — CVSS 6.1 (medium): In the 5.4.0 version of the Fork CMS software, HTML Injection and Stored XSS vulnerabilities were discovered via the /backend/ajax URI.
CVE-2020-23263 — CVSS 6.1 (medium): Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the…
CVE-2020-23049 — CVSS 5.4 (medium): Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field…
CVE-2018-20682 — CVSS 5.4 (medium): Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
CVE-2012-1207 — CVSS 5.0 (medium): Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows…
CVE-2022-35590 — CVSS 4.8 (medium): A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter
CVE-2022-35585 — CVSS 4.8 (medium): A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date"…
CVE-2022-35587 — CVSS 4.8 (medium): A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date"…
CVE-2022-35589 — CVSS 4.8 (medium): A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time"…
CVE-2012-1188 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML…
CVE-2012-5164 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML…
CVE-2012-1209 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows…
CVE-2012-1208 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before…