PT-2012-3116 · Fork Cms · Fork Cms

Published

2012-09-26

Updated

2022-05-17

CVE-2012-1188

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Fork CMS versions prior to 3.2.7

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the type or querystring parameters to the private/en/error endpoint or the name parameter to the private/en/locale/index endpoint.

Recommendations For Fork CMS versions prior to 3.2.7, update to version 3.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the private/en/error and private/en/locale/index endpoints to minimize the risk of exploitation. Avoid using the type, querystring, and name parameters in the affected endpoints until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2012-1188

GHSA-J5FJ-M342-MGCM

Affected Products

Fork Cms

PT-2012-3116 · Fork Cms · Fork Cms

CVE-2012-1188

Weakness Enumeration

Related Identifiers

Affected Products

References · 17