314 matches found
GHSA-GJCJ-FJ23-5J5V GeniXCMS SQL injection vulnerability
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter...
GeniXCMS SQL injection vulnerability
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter...
GHSA-52XR-WX26-9RFG GeniXCMS Cross-site Scripting (XSS)
GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator...
GeniXCMS Cross-site Scripting (XSS)
GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator...
GeniXCMS SQL Injection
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter...
GHSA-34VW-8CJW-CWJJ GeniXCMS SQL Injection
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter...
GeniXCMS Cross-site Scripting
GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element...
GeniXCMS Cross-site Scripting (XSS)
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element...
GHSA-5HF2-7XF4-W3J6 GeniXCMS Cross-site Scripting
GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element...
GHSA-4399-46R4-5RMV GeniXCMS Cross-site Scripting (XSS)
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element...
GeniXCMS Arbitrary User Password Reset Vulnerability
forgotpassword.php in GeniXCMS lacks a rate limit, which might allow remote attackers to cause a denial of service login inability or possibly conduct Arbitrary User Password Reset attacks via a series of requests...
GHSA-WM7G-RMGG-9837 GeniXCMS Arbitrary User Password Reset Vulnerability
forgotpassword.php in GeniXCMS lacks a rate limit, which might allow remote attackers to cause a denial of service login inability or possibly conduct Arbitrary User Password Reset attacks via a series of requests...
GeniXCMS denial of service (account blockage)
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...
GHSA-2M9R-PM7Q-WR6F GeniXCMS denial of service (account blockage)
GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service account blockage by leveraging the mishandling of certain username substring relationships, such as the admin username versus the admin username, related to register.php, User.class.php, and Type.class.php...
GHSA-JGC6-JR94-H442 GeniXCMS Cross-site Scripting (XSS) via id parameter
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter...
GeniXCMS Cross-site Scripting (XSS) via id parameter
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter...
GeniXCMS arbitrary PHP code execution
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...
GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter...
GeniXCMS Cross-site Scripting (XSS) via the Menu ID field
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request...
GHSA-5CMG-8M8P-WHMJ GeniXCMS arbitrary PHP code execution
In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module...