NuytsTech Security

CVE-2014-9470

by ·

Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.

Date published : 2020-02-08

http://seclists.org/fulldisclosure/2015/Jan/38

http://www.fork-cms.com/blog/detail/fork-3.8.4-released

Tags: