Fork CMS 5.0.6 allows stored XSS via the private/en/settings facebook_admin_ids parameter (aka "Admin ids" input in the Facebook section).
Max CVSS
5.4
EPSS Score
0.06%
Published
2019-01-09
Updated
2019-01-23
Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object.
Max CVSS
9.8
EPSS Score
0.33%
Published
2019-08-26
Updated
2019-08-28
2 vulnerabilities found