Описание
Cross-site Scripting in Fork CMS
Fork CMS prior to 5.11.1 is vulnerable to stored cross-site scripting. When uploading a new module, the description of the module can contain JavaScript code. The JavaScript code may be executed after uploading the new module and looking at the Details page.
Пакеты
Наименование
forkcms/forkcms
composer
Затронутые версииВерсия исправления
< 5.11.1
5.11.1
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.