Moderate severityNVD Advisory· Published Aug 12, 2022· Updated Aug 3, 2024
CVE-2022-35587
CVE-2022-35587
Description
A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
forkcms/forkcmsPackagist | < 5.11.0 | 5.11.0 |
Affected products
2- Fork/Forkdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-65wf-qm95-6mhmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35587ghsaADVISORY
- github.com/forkcms/forkcms/commit/76bf739e01f697e10c1277b9726e39b9705be296ghsaWEB
- huntr.dev/bounties/6-other-forkcmsghsaWEB
- huntr.dev/bounties/6-other-forkcms/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.