CVE-2022-35587

描述

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the `publish_on_date` Parameter. This issue was patched in version 5.11.0.

受影響套件(1)

• Packagist/forkcms/forkcmsfrom 0, < 5.11.0

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-35587
• PATCHhttps://github.com/forkcms/forkcms
• WEBhttps://github.com/forkcms/forkcms/commit/76bf739e01f697e10c1277b9726e39b9705be296
• WEBhttps://huntr.dev/bounties/6-other-forkcms