CVE-2022-0145

Name of the Vulnerable Software and Affected Versions Fork CMS versions prior to 5.11.1

Description The issue is related to stored Cross-site Scripting (XSS) in the GitHub repository forkcms/forkcms. When uploading a new module, the description of the module can contain JavaScript code, which may be executed after uploading the new module and viewing the Details page. This allows for the potential execution of malicious scripts.

Recommendations For Fork CMS versions prior to 5.11.1, update to version 5.11.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability to upload new modules or limiting the use of JavaScript code in module descriptions until the update is applied.