Unrated severityNVD Advisory· Published Feb 8, 2020· Updated Aug 6, 2024
CVE-2014-9470
CVE-2014-9470
Description
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Fork CMS/Fork CMSdescription
Patches
Vulnerability mechanics
References
6- seclists.org/fulldisclosure/2015/Jan/38mitrex_refsource_MISC
- www.fork-cms.com/blog/detail/fork-3.8.4-releasedmitrex_refsource_MISC
- www.itas.vn/news/itas-team-found-out-a-cross-site-scripting-vulnerability-in-fork-cms-70.htmlmitrex_refsource_MISC
- www.securityfocus.com/bid/72017mitrex_refsource_MISC
- github.com/forkcms/forkcms/commit/4a7814762adf4f56f932d95146c7e4126d872114mitrex_refsource_MISC
- github.com/forkcms/forkcms/issues/1018smitrex_refsource_MISC
News mentions
0No linked articles in our index yet.