CVE-2014-9470

Published: 2020-02-08T17:15Z

Last Modified: 2024-11-21T02:20Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML via the q_widget parameter to en/search. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt