Описание
ForkCMS stored XSS via start_date parameter
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the start_date Parameter. This issue was patched in version 5.11.0.
Пакеты
Наименование
forkcms/forkcms
composer
Затронутые версииВерсия исправления
< 5.11.0
5.11.0
Связанные уязвимости
CVSS3: 4.8
nvd
больше 3 лет назад
A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter