CVE-2015-1422

🗓️ 29 Jan 2015 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 36 Views🌐 WEB

CVE-2015-1422 XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML

Reporter	Title	Published	Views	Family All 5
CNVD	Multiple Input Validation Vulnerabilities in Gecko CMS	16 Jan 201500:00	–	cnvd
Cvelist	CVE-2015-1422	29 Jan 201515:00	–	cvelist
EUVD	EUVD-2015-1559	29 Jan 201515:00	–	euvd
NVD	CVE-2015-1422	29 Jan 201515:59	–	nvd
Prion	Cross site scripting	29 Jan 201515:59	–	prion

NVD

Node

jakweb gecko_cmsMatch2.2

jakweb gecko_cmsMatch2.3

Source	Link
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/99977
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php
packetstormsecurity	www.packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html
osvdb	www.osvdb.org/show/osvdb/116970
osvdb	www.osvdb.org/show/osvdb/116969
osvdb	www.osvdb.org/show/osvdb/116967
exploit-db	www.exploit-db.com/exploits/35767

Parameter	Position	Path	Description	CWE
horder[]	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_catid	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_content	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_css	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_delete_log[]	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_email	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_extfile	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_file	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_hookshow[]	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79
jak_img	query param	admin/index.php	Multiple cross-site scripting (XSS) vulnerabilities via numerous parameters in Gecko CMS 2.2/2.3 leading to arbitrary script/HTML execution.	CWE-79

06 May 2026 22:30Current

5.9Medium risk

Vulners AI Score5.9

CVSS 24.3

EPSS0.1711

CWE-79