Fork CMS prior to 5.11.1 is vulnerable to stored cross-site scripting. When uploading a new module, the description of the module can contain JavaScript code. The JavaScript code may be executed after uploading the new module and looking at the Details
page.
もっと詳しく