CVE-2012-5164

Fork CMS < 3.2.7 - Cross-Site Scripting via Search Term Parameter

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before 3.2.7 allow remote attackers to inject arbitrary web script or HTML via the term parameter to (1) autocomplete.php, (2) search/ajax/autosuggest.php, (3) livesuggest.php, or (4) save.php in frontend/modules/search/ajax.

Scores

EPSS 0.0122
EPSS Percentile 64.9%

Details

CWE
CWE-79
Status published
Products (42)
fork-cms/fork_cms 2.0.1
fork-cms/fork_cms 2.0.2
fork-cms/fork_cms 2.1.0
fork-cms/fork_cms 2.2.0
fork-cms/fork_cms 2.3.0
fork-cms/fork_cms 2.3.1
fork-cms/fork_cms 2.4.0
fork-cms/fork_cms 2.4.1
fork-cms/fork_cms 2.5.1
fork-cms/fork_cms 2.5.2
... and 32 more
Published Sep 26, 2012
Tracked Since Feb 18, 2026