Lucene search

GitHub Advisory DatabaseGHSA-8FJQ-CPR7-CMFP

HistoryMay 14, 2022 - 3:50 a.m.

Fork CMS XSS Vulnerability

2022-05-1403:50:13

CWE-79

GitHub Advisory Database

github.com

fork cms

cross site scripting

version 5.0.7

page edit

title parameter

security issue

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.6%

JSON

Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter.

Affected configurations

Vulners

Node

forkcmsforkcmsRange≤5.0.7

VendorProductVersionCPE
forkcmsforkcms*cpe:2.3:a:forkcms:forkcms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
forkcms	forkcms	*	cpe:2.3:a:forkcms:forkcms::::::::

References

github.com/advisories/GHSA-8fjq-cpr7-cmfp

github.com/imsebao/404team/blob/master/forkcms.md

nvd.nist.gov/vuln/detail/CVE-2018-5215

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.6%

JSON

Related for GHSA-8FJQ-CPR7-CMFP