Cross-site Scripting (XSS) - Stored in forkcms/forkcms
Oct 20th 2021
Proof of Concept
- I downloaded the Kompact theme (https://github.com/jessedobbelaere/fork-cms-theme-kompact/archive/master.zip), extracted it and changed the following in info.xml:

```xml
<description> <![CDATA[ Kompact<script>alert(1);</script> ]]> </description>
```

I packed all files back into a zip file and uploaded it in ForkCMS.
alert) will be executed.
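As an added example (not part of the original report, and not Fork CMS code or the fix it shipped), the following sketch shows why the CDATA wrapper matters: the XML parser unwraps it, so the description reaches the application as literal markup unless it is encoded on output. The function names, the `<theme>`/`<name>` layout of the constructed sample and the `kompact/` path are assumptions made for illustration.

```python
import html
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Anything that looks like the start of a tag, e.g. "<script" or "</b".
MARKUP = re.compile(r"<\s*/?\s*[a-zA-Z!]")


def build_sample_theme(description):
    """Constructed sample: an in-memory theme zip holding only info.xml."""
    info = ("<theme><name>Kompact</name>"
            f"<description><![CDATA[ {description} ]]></description></theme>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("kompact/info.xml", info)  # hypothetical path
    return buf.getvalue()


def audit_theme(zip_bytes):
    """Return (field, value) pairs from any info.xml whose text carries markup."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if name.rsplit("/", 1)[-1] != "info.xml":
                continue
            raw = zf.read(name)
            # Refuse DTDs outright so untrusted XML cannot declare entities.
            if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
                findings.append((name, "DTD/entity declaration refused"))
                continue
            # CDATA is unwrapped by the parser, so .text holds the raw "<script>".
            for elem in ET.fromstring(raw).iter():
                text = (elem.text or "").strip()
                if MARKUP.search(text):
                    findings.append((elem.tag, text))
    return findings


def render_description(value):
    """Output-encode the value at the point where it is written into HTML."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    sample = build_sample_theme("Kompact<script>alert(1);</script>")
    for field, value in audit_theme(sample):
        print(field, "->", render_description(value))
```

The audit is a pre-upload check only; encoding the value where it is rendered is what prevents the script from running.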
Jelmer Prins validated this vulnerability a year ago
kstarkloff has been awarded the disclosure bounty
The fix bounty is now up for grabs
commented a year ago
fix is currently in review
Jelmer Prins marked this as fixed in 5.11.1 with commit 981730 a year ago
This vulnerability will not receive a CVE