Lucene search
+L

314 matches found

OSV
OSV
added 2022/05/17 2:50 a.m.21 views

GHSA-GJCJ-FJ23-5J5V GeniXCMS SQL injection vulnerability

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter...

7.3CVSS7.7AI score0.0107EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/17 2:50 a.m.22 views

GeniXCMS SQL injection vulnerability

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter...

7.5CVSS8.7AI score0.0107EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/17 2:46 a.m.28 views

GHSA-52XR-WX26-9RFG GeniXCMS Cross-site Scripting (XSS)

GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator...

5.4CVSS5.2AI score0.0064EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/17 2:46 a.m.18 views

GeniXCMS Cross-site Scripting (XSS)

GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator...

5.4CVSS5.9AI score0.0064EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:46 a.m.18 views

GeniXCMS SQL Injection

GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter...

8.8CVSS8.2AI score0.0148EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/17 2:46 a.m.18 views

GHSA-34VW-8CJW-CWJJ GeniXCMS SQL Injection

GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter...

8.8CVSS9.2AI score0.0148EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/17 2:46 a.m.23 views

GeniXCMS Cross-site Scripting

GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element...

4.8CVSS6AI score0.00598EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 2:46 a.m.15 views

GeniXCMS Cross-site Scripting (XSS)

GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element...

5.4CVSS5.8AI score0.00496EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/17 2:46 a.m.13 views

GHSA-5HF2-7XF4-W3J6 GeniXCMS Cross-site Scripting

GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element...

4.8CVSS4.9AI score0.00598EPSS
Exploits0References4
OSV
OSV
added 2022/05/17 2:46 a.m.18 views

GHSA-4399-46R4-5RMV GeniXCMS Cross-site Scripting (XSS)

GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element...

5.4CVSS5.1AI score0.00496EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 2:46 a.m.25 views

GeniXCMS Arbitrary User Password Reset Vulnerability

forgotpassword.php in GeniXCMS lacks a rate limit, which might allow remote attackers to cause a denial of service login inability or possibly conduct Arbitrary User Password Reset attacks via a series of requests...

9.1CVSS7.3AI score0.01618EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 2:46 a.m.16 views

GHSA-WM7G-RMGG-9837 GeniXCMS Arbitrary User Password Reset Vulnerability

forgotpassword.php in GeniXCMS lacks a rate limit, which might allow remote attackers to cause a denial of service login inability or possibly conduct Arbitrary User Password Reset attacks via a series of requests...

9.1CVSS9.2AI score0.01618EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/17 12:53 a.m.18 views

GeniXCMS denial of service (account blockage)

GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...

5.3CVSS6.9AI score0.01421EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/17 12:53 a.m.49 views

GHSA-2M9R-PM7Q-WR6F GeniXCMS denial of service (account blockage)

GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...

5.3CVSS5.2AI score0.01421EPSS
Exploits1References5
OSV
OSV
added 2022/05/17 12:36 a.m.38 views

GHSA-JGC6-JR94-H442 GeniXCMS Cross-site Scripting (XSS) via id parameter

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter...

6.1CVSS5.8AI score0.00683EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/17 12:36 a.m.22 views

GeniXCMS Cross-site Scripting (XSS) via id parameter

In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter...

6.1CVSS5.7AI score0.00683EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 12:36 a.m.21 views

GeniXCMS arbitrary PHP code execution

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

8.8CVSS7.4AI score0.01537EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 12:36 a.m.26 views

GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter...

6.1CVSS5.7AI score0.00683EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 12:36 a.m.22 views

GeniXCMS Cross-site Scripting (XSS) via the Menu ID field

In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request...

6.1CVSS5.7AI score0.00683EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/17 12:36 a.m.35 views

GHSA-5CMG-8M8P-WHMJ GeniXCMS arbitrary PHP code execution

In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...

8.8CVSS8.7AI score0.01537EPSS
Exploits1References3
Rows per page
Query Builder