Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormHyp3rlinxPACKETSTORM:132397
HistoryJun 22, 2015 - 12:00 a.m.

GeniXCMS 0.0.3 Cross Site Scripting

2015-06-2200:00:00
hyp3rlinx
packetstormsecurity.com
24

0.003 Low

EPSS

Percentile

69.3%

JSON
`[+] Credits: John Page ( hyp3rlinx )  
  
[+] Domains: hyp3rlinx.altervista.org  
  
[+] Source: http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt  
  
  
  
Vendor:  
=============================================  
genixcms.org  
  
  
  
Product:  
=====================================================  
GeniXCMS v0.0.3 is a PHP based content management system  
  
  
  
Advisory Information:  
===================================================  
Multiple persistent & reflected XSS vulnerabilities  
  
  
  
Vulnerability Details:  
=========================================================  
GeniXCMS v0.0.3 is vulnerable to persistent and reflected XSS  
  
  
XSS Exploit code(s):  
====================  
  
Persistent XSS:  
-----------------------  
http://localhost/GeniXCMS-master/GeniXCMS-master/gxadmin/index.php?page=posts&act=add&token=  
  
1-content input field  
content injected XSS will execute after posting is published  
  
2-title input field  
title injected XSS will execute immediate.  
  
  
Relected XSS:  
---------------------  
http://localhost/GeniXCMS-master/GeniXCMS-master/gxadmin/index.php?page=posts&q=1'<script>alert('XSS  
By Hyp3rlinx')</script>  
  
  
  
Disclosure Timeline:  
=========================================================  
Vendor Notification: NA  
June 21, 2015 : Public Disclosure  
  
  
  
Severity Level:  
=========================================================  
Med  
  
  
  
Description:  
=========================================================  
  
Request Method(s): [+] GET & POST  
  
  
Vulnerable Product: [+] GeniXCMS 0.0.3  
  
  
Vulnerable Parameter(s): [+] q, content & title  
  
  
Affected Area(s): [+] index.php  
  
  
===============================================================  
  
[+] Disclaimer  
Permission is hereby granted for the redistribution of this advisory,  
provided that  
it is not altered except by reformatting it, and that due credit is given.  
Permission is  
explicitly given for insertion in vulnerability databases and similar,  
provided that  
due credit is given to the author. The author is not responsible for any  
misuse of the  
information contained herein and prohibits any malicious use of all  
security related  
information or exploits by the author or elsewhere.  
  
  
(hyp3rlinx)  
`

Related

cve 1
nvd 1
prion 1
cvelist 1
openvas 1
cve
cve
CVE-2015-5066
2015-06-24 14:59:08
nvd
nvd
CVE-2015-5066
2015-06-24 14:59:08
prion
prion
Cross site scripting
2015-06-24 14:59:00
cvelist
cvelist
CVE-2015-5066
2015-06-24 14:00:00
openvas
openvas
Genixcms Multiple SQL Injection Vulnerabilities (Jun 2015)
2015-06-25 00:00:00

0.003 Low

EPSS

Percentile

69.3%

JSON
Related for PACKETSTORM:132397
cve1nvd1prion1cvelist1openvas1