CVE-2020-23263: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

February 10, 2022

Persistent Cross-site scripting vulnerability on Fork CMS version 5.8.2 allows remote attackers to inject arbitrary Javascript code via the “navigation_title” parameter and the “title” parameter in /private/en/pages/add.

References

github.com/advisories/GHSA-vp4x-94ff-2cmv
github.com/forkcms/forkcms/pull/3093
nvd.nist.gov/vuln/detail/CVE-2020-23263

Code Behaviors & Features

Detect and mitigate CVE-2020-23263 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →