CVE-2012-1209

Name of the Vulnerable Software and Affected Versions Fork CMS versions 3.2.4 through 3.2.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in the backend/core/engine/base.php file. This could potentially lead to malicious actions on the affected system.

Recommendations For Fork CMS version 3.2.4, update to version 3.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the highlight parameter in the backend/core/engine/base.php file until a patch is available.