CVE-2022-0145 in ForkCMS
Summary
by MITRE • 03/24/2022
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.
Analysis
by VulDB Data Team • 03/27/2022
The vulnerability identified as CVE-2022-0145 represents a stored cross-site scripting flaw discovered in the Fork CMS content management system prior to version 5.11.1. This vulnerability resides within the repository management functionality of the platform, specifically affecting how user inputs are handled during the forking process of repositories. The flaw allows malicious actors to inject persistent malicious scripts into the application's database through the repository forking mechanism, which then executes whenever other users view the affected repository content.
The technical implementation of this vulnerability stems from insufficient input validation and output sanitization within the repository forking functionality. When users create forks of repositories, the system fails to properly sanitize user-provided data, particularly in fields that accept repository names, descriptions, or other metadata. This creates an environment where attacker-controlled JavaScript code can be stored within the application's database and subsequently executed in the context of other users' browsers. The vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws, and more particularly with CWE-80 which describes stored XSS vulnerabilities where malicious input is permanently stored and later executed.
The operational impact of this vulnerability extends beyond simple script execution: it lets an attacker perform session hijacking, steal user credentials, or redirect victims to malicious domains. Since Fork CMS is a widely used open-source content management system, the potential attack surface is significant, particularly in environments where multiple users interact with repository management features. Because the vulnerability is stored, even users who do not immediately view the compromised content remain at risk, as the malicious code persists in the database until the vulnerability is patched.
Security professionals should recognize this vulnerability as part of the broader ATT&CK framework's T1531 technique related to "Modify Existing Service" and T1059.1001 which covers "Command and Scripting Interpreter: JavaScript". The exploitation of this vulnerability requires minimal privileges and can be automated, making it particularly dangerous in multi-user environments. Organizations using Fork CMS versions prior to 5.11.1 should immediately implement mitigation strategies including input validation, output encoding, and regular security audits of repository management components. The recommended remediation involves upgrading to version 5.11.1 or later, which includes proper sanitization of user inputs and enhanced validation mechanisms for repository metadata. Additionally, implementing web application firewalls and content security policies can provide additional defense-in-depth measures to protect against exploitation attempts.
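The mechanism described in the analysis (untrusted metadata stored as-is and later written into HTML without encoding) and the recommended controls (output encoding, periodic audits of stored content, a content security policy) are shown together below. This is an added illustration in Python, not Fork CMS code (Fork CMS is PHP/Twig) and not the fix shipped in 5.11.1; the `Entry` record, the in-memory `STORE`, the sample titles and descriptions, and the `audit_store` heuristic are all constructed for the example.

```python
import html
import re
from dataclasses import dataclass

# Constructed stand-in for a CMS record whose fields come from users.
# Fork CMS itself is PHP/Twig; this Python model is an illustration, not its code.
@dataclass
class Entry:
    title: str
    description: str


STORE: dict[str, Entry] = {}  # toy in-memory table; a real CMS keeps this in its database


def save_entry(entry_id: str, title: str, description: str) -> None:
    """Stores user input as-is. Storage is not the bug: text containing '<' is legitimate data."""
    STORE[entry_id] = Entry(title, description)


def render_vulnerable(entry_id: str) -> str:
    """Interpolates stored fields into HTML without encoding.

    Whatever was saved is emitted as markup, so a saved <script> element, or a quote
    that closes the data-title attribute, runs in every viewer's browser.
    """
    e = STORE[entry_id]
    return (f'<article data-title="{e.title}">'
            f'<h2>{e.title}</h2><p>{e.description}</p></article>')


def esc(value: str) -> str:
    # quote=True also encodes " and ', so the value is inert inside attribute values too.
    return html.escape(value, quote=True)


def render_hardened(entry_id: str) -> str:
    """Same template, but every untrusted value is HTML-encoded at output time."""
    e = STORE[entry_id]
    return (f'<article data-title="{esc(e.title)}">'
            f'<h2>{esc(e.title)}</h2><p>{esc(e.description)}</p></article>')


# Heuristic (constructed for this example): tag openers, inline event handlers, javascript: URLs.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def emits_raw_input(rendered: str, value: str) -> bool:
    """True if a stored value reached the page byte-for-byte, i.e. the browser will parse it as markup."""
    return value in rendered


def audit_store() -> list[str]:
    """Lists entry ids whose stored fields look like markup or event handlers.

    A periodic audit of stored metadata surfaces persisted payloads that output
    encoding alone only neutralises on display; review these entries by hand.
    """
    return sorted(eid for eid, e in STORE.items()
                  if MARKUP_RE.search(e.title) or MARKUP_RE.search(e.description))


def csp_header(nonce: str) -> tuple[str, str]:
    """Defense in depth: only scripts carrying the per-response nonce may execute.

    An injected inline <script> or onerror= handler has no nonce, so a CSP-enforcing
    browser refuses to run it even where encoding was missed.
    """
    return ("Content-Security-Policy",
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'self'")


if __name__ == "__main__":
    # Constructed sample values: an ordinary title and a description carrying a script tag.
    save_entry("demo", "Release notes", "Hello <script>alert(1)</script>")
    print(render_vulnerable("demo"))
    print(render_hardened("demo"))
    print("entries needing review:", audit_store())
```

The two render functions share one template; the only difference is that `render_hardened` encodes at the point of output, which is where the fix for a stored XSS belongs (a filter at input time misses data already in the database and breaks legitimate text containing angle brackets). The nonce-based CSP is the backstop the analysis recommends: it does not remove the injected markup but stops the browser from executing it.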