GeniXCMS Cross-site Scripting (XSS)

2022-05-1702:46:02

Google

osv.dev

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.

CPENameOperatorVersion
genix/cmseq1.0.0
genix/cmseq1.1.0

CPE	Name	Operator	Version
	genix/cms	eq	1.0.0
	genix/cms	eq	1.1.0

References

github.com/GeniXCMS/GeniXCMS

github.com/semplon/GeniXCMS/commit/5a128e830fa4a830137d03842c8e8bb22107cadf

github.com/semplon/GeniXCMS/commit/e75e7447455da89a0cab965ba46f91f38cfd62d2

github.com/semplon/GeniXCMS/issues/73

nvd.nist.gov/vuln/detail/CVE-2017-8762