CVE-2012-1188

Fork CMS < 3.2.7 - Cross-Site Scripting via Type, Querystring, or Name Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-1188. PoCs published by anonymous.

AI-analyzed exploit summary: The provided text describes a cross-site scripting (XSS) vulnerability in Fork CMS versions prior to 3.2.7. It includes a proof-of-concept URL demonstrating the XSS payload but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) type or (2) querystring parameters to private/en/error or (3) name parameter to private/en/locale/index.

Exploits (2)

exploitdb WRITEUP VERIFIED
by anonymous · text · webapps · php
https://www.exploit-db.com/exploits/36893

The provided text describes a cross-site scripting (XSS) vulnerability in Fork CMS versions prior to 3.2.7. It includes a proof-of-concept URL demonstrating the XSS payload but does not contain executable exploit code.

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Fork CMS < 3.2.7
No auth needed
Prerequisites: Access to a vulnerable Fork CMS instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by anonymous · text · webapps · php
https://www.exploit-db.com/exploits/36894

This exploit demonstrates XSS vulnerabilities in Fork CMS by injecting arbitrary JavaScript via the 'type' and 'querystring' parameters in the error page URL. The PoC uses script tags to execute an alert with document.cookie, confirming the vulnerability.

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Fork CMS versions prior to 3.2.7
No auth needed
Prerequisites: Access to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73605
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48183
Patch, Vendor Advisory x_refsource_confirm
http://www.fork-cms.com/blog/detail/fork-cms-3-2-7-released
Vendor Advisory x_refsource_misc
https://www.htbridge.ch/advisory/HTB23075
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-03/0022.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/79692
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52236

Scores

EPSS 0.0446
EPSS Percentile 90.2%

Details

CWE
CWE-79
Status published
Products (2)
fork-cms/fork_cms < 3.2.6
forkcms/forkcms 0 - 3.2.7 (Packagist)
Published Sep 26, 2012
Tracked Since Feb 18, 2026