Moderate severityNVD Advisory· Published Aug 12, 2022· Updated Aug 3, 2024
CVE-2022-35590
CVE-2022-35590
Description
A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
forkcms/forkcmsPackagist | < 5.11.0 | 5.11.0 |
Affected products
2- ForkCMS/ForkCMSdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-pw4j-r69m-rrr5ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-35590ghsaADVISORY
- github.com/forkcms/forkcms/commit/76bf739e01f697e10c1277b9726e39b9705be296ghsaWEB
- huntr.dev/bounties/4-other-forkcmsghsaWEB
- huntr.dev/bounties/4-other-forkcms/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.