PT-2012-3116 · Fork Cms · Fork Cms
Publicado
2012-09-26
·
Atualizado
2022-05-17
·
CVE-2012-1188
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Fork CMS versions prior to 3.2.7
Description
The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the
type or querystring parameters to the private/en/error endpoint or the name parameter to the private/en/locale/index endpoint.Recommendations
For Fork CMS versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the
private/en/error and private/en/locale/index endpoints to minimize the risk of exploitation. Avoid using the type, querystring, and name parameters in the affected endpoints until the issue is resolved.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fork Cms