Lucene search
+L

314 matches found

OSV
OSV
added 2022/05/17 12:36 a.m.39 views

GHSA-XF2G-C66G-5F5R GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter

In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter...

6.1CVSS5.8AI score0.00683EPSS
Exploits1References3
OSV
OSV
added 2022/05/17 12:36 a.m.23 views

GHSA-3C7G-P9JX-8CGM GeniXCMS Cross-site Scripting (XSS) via the Menu ID field

In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request...

6.1CVSS5.8AI score0.00683EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/17 12:20 a.m.19 views

MetalGenix GeniXCMS vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the 1 email parameter or 2 userid parameter to register.php...

9.8CVSS8.7AI score0.0376EPSS
Exploits4References4Affected Software1
OSV
OSV
added 2022/05/17 12:20 a.m.6 views

GHSA-Q4HW-62MX-Q37W MetalGenix GeniXCMS vulnerable to SQL Injection

Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the 1 email parameter or 2 userid parameter to register.php...

9.8CVSS10AI score0.0376EPSS
Exploits4References4
Github Security Blog
Github Security Blog
added 2022/05/17 12:11 a.m.22 views

GeniXCMS XSS Vulnerability

GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765...

6.1CVSS6.3AI score0.00683EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/17 12:11 a.m.25 views

GHSA-PWR7-J6G3-HMX6 GeniXCMS XSS Vulnerability

GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765...

6.1CVSS5.8AI score0.00683EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/05/14 3:21 a.m.21 views

GeniXCMS Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...

4.8CVSS5.4AI score0.00653EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/14 3:21 a.m.12 views

GHSA-478J-MCRR-3877 GeniXCMS Cross-site scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...

4.8CVSS4.7AI score0.00653EPSS
Exploits1References3
OSV
OSV
added 2022/05/14 1:20 a.m.33 views

GHSA-2PPW-6XVG-RWGW GeniXCMS SQL injection vulnerability

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php...

7.2CVSS7.3AI score0.01648EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/14 1:20 a.m.20 views

GeniXCMS SQL injection vulnerability

SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php...

7.2CVSS8.3AI score0.01648EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/05/13 1:47 a.m.11 views

GHSA-559C-W54X-8342 GeniXCMS Mailbox validation logic vulnerability

GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSGUSEREMAILEXIST protection mechanism via a register.php?act=edit&id=1 request...

5.3CVSS5.2AI score0.01589EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/05/13 1:47 a.m.21 views

GeniXCMS Mailbox validation logic vulnerability

GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSGUSEREMAILEXIST protection mechanism via a register.php?act=edit&id=1 request...

5.3CVSS6.9AI score0.01589EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/13 1:43 a.m.20 views

GeniXCMS arbitrary PHP code execution

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme...

8.8CVSS7.4AI score0.01422EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/05/13 1:43 a.m.41 views

GHSA-2F6R-892P-69G5 GeniXCMS arbitrary PHP code execution

In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme...

8.8CVSS8.7AI score0.01422EPSS
Exploits1References3
OSV
OSV
added 2022/03/04 12:0 a.m.13 views

GHSA-5MWX-F6W6-7W5R Cross-site Scripting in GeniXCMS

In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...

5.4CVSS5.2AI score0.00867EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/03/04 12:0 a.m.35 views

Cross-site Scripting in GeniXCMS

In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...

5.4CVSS3.3AI score0.00867EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/03 2:15 a.m.7 views

CVE-2022-24563

In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...

5.4CVSS6AI score0.00867EPSS
Exploits1References4
NVD
NVD
added 2022/03/03 2:15 a.m.24 views

CVE-2022-24563

In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...

5.4CVSS0.00867EPSS
Exploits1References3
OSV
OSV
added 2022/03/03 2:15 a.m.19 views

CVE-2022-24563

In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...

5.4CVSS5.3AI score0.00867EPSS
Exploits1References3
Prion
Prion
added 2022/03/03 2:15 a.m.16 views

Cross site scripting

In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...

3.5CVSS5.2AI score0.00867EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder