CVE - CVE-2012-1208

CVE-ID
CVE-2012-1208	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:51972 URL:http://www.securityfocus.com/bid/51972 CONFIRM:http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released CONFIRM:https://github.com/forkcms/forkcms/commit/8fa74dd3e2e32723cd121177dce6aeac37e29df6 CONFIRM:https://github.com/forkcms/forkcms/commit/d65c083adc91c88d21bd9a0df4c2688df634c6ff CONFIRM:https://github.com/forkcms/forkcms/commit/df75e0797a6540c4d656969a2e7df7689603b2cf MISC:http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html SECUNIA:47937 URL:http://secunia.com/advisories/47937
Assigning CNA
MITRE Corporation
Date Record Created
20120220	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120220)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)