Headline
GHSA-pw4j-r69m-rrr5: ForkCMS XSS via `end_date` parameter
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the end_date Parameter. This issue was patched in version 5.11.0.
ForkCMS XSS via `end_date` parameter
Moderate severity GitHub Reviewed Published Aug 13, 2022 • Updated Aug 18, 2022
Related news
CVE-2022-35590: Cross-site Scripting (XSS) - Generic in forkcms
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter