Skip to main content

Fork Cms CVE-2012-1188

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2012-09-26 cve@mitre.org
4.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:N/I:P/A:N
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 26, 2012 - 00:55 cve.org
MEDIUM 4.3

DescriptionCVE.org

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.

AnalysisAI

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 13.8%.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index. Affected products include: Fork-Cms Fork Cms. Version information: before 3.2.7.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2020-24036 HIGH POC
8.8 Mar 04

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote u

CVE-2022-1064 HIGH POC
8.8 Mar 25

SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. Rated

CVE-2015-1467 HIGH POC
7.5 Feb 06

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to exec

CVE-2022-0153 HIGH POC
7.5 Mar 24

SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1. Rated high severity (CVSS 7.5), this vulnerability i

CVE-2012-1208 MEDIUM POC
4.3 Feb 24

Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other

CVE-2019-15521 CRITICAL
9.8 Aug 26

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a

CVE-2022-0145 MEDIUM POC
5.4 Mar 24

Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1. Rated medium severity (CVSS 5.

CVE-2018-5215 MEDIUM POC
5.4 Jan 04

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. Rated medium severity (CVSS 5.4), this vulnera

CVE-2012-1207 MEDIUM POC
5.0 Feb 24

Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions b

CVE-2022-35590 MEDIUM POC
4.8 Aug 12

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "en

CVE-2022-35589 MEDIUM POC
4.8 Aug 12

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publi

CVE-2022-35587 MEDIUM POC
4.8 Aug 12

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publi

Share

CVE-2012-1188 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy