CVE-2012-5164 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fork-cms	Fork Cms

Configuration 1 [-]

OR	cpe:2.3:a:fork-cms:fork_cms::::::::
	cpe:2.3:a:fork-cms:fork_cms:2.0.1:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.0.2:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.1.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.2.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.3.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.3.1:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.4.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.4.1:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.5.1:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.5.2:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.1:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.2:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.3:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.4:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.5:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.6:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.7:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.8:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.9:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.10:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.11:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.12:::::::*
	cpe:2.3:a:fork-cms:fork_cms:2.6.13:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.0.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.1:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.2:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.3:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.4:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.5:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.6:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.7:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.8:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.1.9:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.2.0:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.2.1:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.2.2:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.2.3:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.2.4:::::::*
	cpe:2.3:a:fork-cms:fork_cms:3.2.5:::::::*

No data.

References

Link	Providers
http://www.fork-cms.com/blog/detail/fork-cms-3-2-7-released
https://exchange.xforce.ibmcloud.com/vulnerabilities/78957
https://github.com/forkcms/forkcms/commit/03e8f5b53f193a87116b3875eec39769d5c07114
https://github.com/forkcms/forkcms/commit/641e27bf1e9a7e320d6856399a7c274934bb351e
https://github.com/forkcms/forkcms/pull/247

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-09-26T00:00:00

Updated: 2024-08-06T20:58:03.164Z

Reserved: 2012-09-25T00:00:00

Link: CVE-2012-5164

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-09-26T00:55:01.253

Modified: 2017-08-29T01:32:31.977

Link: CVE-2012-5164

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object