Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormOmar KurtPACKETSTORM:151006
HistoryJan 03, 2019 - 12:00 a.m.

GeniXCMS 1.1.5 Cross Site Scripting

2019-01-0300:00:00
Omar Kurt
packetstormsecurity.com
40

0.003 Low

EPSS

Percentile

69.2%

JSON
`Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5  
  
Information  
--------------------  
  
Advisory by Netsparker  
Name: Cross-site Scripting Vulnerabilities in GeniXCMS  
Affected Software: GeniXCMS  
Affected Versions: 1.1.5  
Homepage: https://github.com/semplon/GeniXCMS  
Vulnerability: Cross-site Scripting  
Severity: High  
Status: Not Fixed  
CVE-ID: 2018-14476  
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N (7.4)  
Netsparker Advisory Reference: NS-18-039  
  
Technical Details  
--------------------  
  
URL http://app.scan/ScanApp/GeniXCMS-v1.1.5-Install/GeniXCMS-v1.1.5/?step=1 Parameter Name dbuser  
Parameter Type POST  
Attack Pattern '><scRipt>netsparker(9)</scRipt>   
  
URL http://app.scan/ScanApp/GeniXCMS-v1.1.5-Install/GeniXCMS-v1.1.5/?step=1 Parameter Name dbhost  
Parameter Type POST  
Attack Pattern '"--></style></scRipt><scRipt>netsparker(0x000E51)</scRipt>  
  
For more information on cross-site scripting vulnerabilities read the article Cross-site Scripting (XSS).  
  
Advisory Timeline  
--------------------  
  
3rd December 2017 - First Contact  
6th December 2017 - Technical Details Sent  
5th February - 2018 - Attempted to Contact   
29th August 2018 - Advisory Released  
  
Credits & Authors  
--------------------  
  
These issues have been discovered by Omar Kurt while testing Netsparker Web Application Security Scanner.  
  
About Netsparker  
--------------------  
  
Netsparker web application security scanners find and report security flaws and vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) in all websites and web applications, regardless of the platform and technology they are built on. Netsparker scanning engineas unique detection and exploitation techniques allow it to be dead accurate in reporting vulnerabilities. The Netsparker web application security scanner is available in two editions; Netsparker Desktop and Netsparker Cloud. Visit our website https://www.netsparker.com for more information.  
  
  
`

Related

cvelist 1
prion 1
osv 1
cve 1
nvd 1
cvelist
cvelist
CVE-2018-14476
2019-12-31 15:18:52
prion
prion
Design/Logic Flaw
2019-12-31 16:15:00
osv
osv
CVE-2018-14476
2019-12-31 16:15:11
cve
cve
CVE-2018-14476
2019-12-31 16:15:11
nvd
nvd
CVE-2018-14476
2019-12-31 16:15:11

0.003 Low

EPSS

Percentile

69.2%

JSON
Related for PACKETSTORM:151006
cvelist1prion1osv1cve1nvd1