{"id":"GHSA-3374-7h99-xr85","summary":"Cross-site scripting in forkcms","details":"Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register` functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.","aliases":["CVE-2020-23049"],"modified":"2023-11-08T04:03:03.711762Z","published":"2021-10-25T19:43:05Z","database_specific":{"cwe_ids":["CWE-79"],"github_reviewed_at":"2021-10-25T18:26:04Z","severity":"MODERATE","nvd_published_at":"2021-10-22T20:15:00Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-23049"},{"type":"WEB","url":"https://github.com/forkcms/forkcms/commit/6ec6171206a7507a39695edc8bbd1b97ef1041c6"},{"type":"PACKAGE","url":"https://github.com/forkcms/forkcms"},{"type":"WEB","url":"https://www.vulnerability-lab.com/get_content.php?id=2208"}],"affected":[{"package":{"name":"forkcms/forkcms","ecosystem":"Packagist","purl":"pkg:composer/forkcms/forkcms"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.8.1"}]}],"versions":["3.5.0","3.5.1","3.6.0","3.6.1","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.7","3.7.1","3.7.2","3.7.3","3.8.0","3.8.1","3.8.2","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.9.0","3.9.1","3.9.2","3.9.3","3.9.4","3.9.5","3.9.6","4.0.0","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.0.6","4.1.0","4.1.1","4.1.2","4.2.0","4.2.1","4.2.2","4.2.3","4.2.4","4.3.0","4.3.1","4.4.0","4.4.1","4.5.0","4.5.1","4.5.2","4.5.3","4.5.4","4.5.5","5.0.0","5.0.1","5.0.2","5.0.3","5.0.4","5.0.5","5.0.6","5.0.7","5.1.0","5.2.0","5.2.1","5.2.2","5.2.3","5.3.0","5.3.1","5.4.0","5.4.1","5.5.0","5.5.1","5.5.2","5.6.0","5.6.1","5.6.2","5.7.0","5.7.1","5.8.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/10/GHSA-3374-7h99-xr85/GHSA-3374-7h99-xr85.json"}}],"schema_version":"1.7.3
","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}