Lucene search
K

314 matches found

Cvelist
Cvelist
added 2022/03/03 1:23 a.m.31 views

CVE-2022-24563

In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...

5.4AI score0.00867EPSS
Exploits1References3
CVE
CVE
added 2022/03/03 1:23 a.m.91 views

CVE-2022-24563

CVE-2022-24563 : Genixcms v1.1.11 contains a stored XSS vulnerability in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. The issue is documented with a MEDIUM severity (CVSS v3.1 base score 5.4; CVSS v2.0 base score 3.5). The vulnerability enables scri...

5.4CVSS5.2AI score0.00867EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.6 views

Metalgenix GeniXCMS 跨站脚本漏洞

Metalgenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Metalgenix Indonesia. The system provides modules for user management, content management and menu management. A security vulnerability exists in Metalgenix GeniXCMS v1.1.11, which can be exploited by...

5.4CVSS5.5AI score0.00867EPSS
Exploits1References3
OSV
OSV
added 2020/03/04 7:15 p.m.13 views

CVE-2020-10057

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...

8.8CVSS7.2AI score0.00905EPSS
Exploits1References1
NVD
NVD
added 2020/03/04 7:15 p.m.15 views

CVE-2020-10057

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...

8.8CVSS8.9AI score0.00905EPSS
Exploits1References1
Prion
Prion
added 2020/03/04 7:15 p.m.14 views

Improper access control

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...

6.8CVSS8.8AI score0.03907EPSS
Exploits3References1Affected Software1
CVE
CVE
added 2020/03/04 6:3 p.m.68 views

CVE-2020-10057

GeniXCMS 1.1.7 is affected by a user privilege escalation due to broken access control. The issue stems from an incomplete fix for CVE-2015-2680, where a CSRF token was used without validating that the token is tied to an administrative user. No patch/version remediation details are provided in t...

8.8CVSS8.8AI score0.00905EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/03/04 6:3 p.m.25 views

CVE-2020-10057

GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...

8.9AI score0.00905EPSS
Exploits1References1
OSV
OSV
added 2019/12/31 4:15 p.m.14 views

CVE-2018-14476

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

6.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2019/12/31 4:15 p.m.18 views

CVE-2018-14476

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

6.1CVSS6.1AI score0.00874EPSS
Exploits2References2
Prion
Prion
added 2019/12/31 4:15 p.m.14 views

Design/Logic Flaw

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

4.3CVSS6AI score0.00874EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/12/31 3:18 p.m.19 views

CVE-2018-14476

GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...

6.1AI score0.00874EPSS
Exploits2References2
CVE
CVE
added 2019/12/31 3:18 p.m.43 views

CVE-2018-14476

CVE-2018-14476 affects GeniXCMS 1.1.5 and is a cross-site scripting vulnerability exploitable via the installation step 1 parameters. The root cause is reflected in the documentation as XSS through the dbuser or dbhost fields submitted during step 1 of installation, allowing arbitrary web script ...

6.1CVSS6AI score0.00874EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2019/01/04 12:0 a.m.4 views

GeniXCMS 1.1.5 Cross-Site Scripting Attack Vulnerability

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in MetalGenix GeniXCMS version 1.1.5. A remote attacker can...

6.1CVSS6.1AI score0.00874EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2019/01/03 12:0 a.m.63 views

GeniXCMS 1.1.5 Cross Site Scripting

Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5 Information -------------------- Advisory by Netsparker Name: Cross-site Scripting Vulnerabilities in GeniXCMS Affected Software: GeniXCMS Affected Versions: 1.1.5 Homepage: https://github.com/semplon/GeniXCMS Vulnerability: Cross-si...

6.4AI score0.00874EPSS
Exploits2
CNVD
CNVD
added 2018/04/27 12:0 a.m.2 views

GeniXCMS Cross-Site Scripting Vulnerability (CNVD-2018-08912)

MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in MetalGenix GeniXCMS version 1.1.0. A remote attacker can...

4.8CVSS5.9AI score0.00653EPSS
Exploits1References1
Prion
Prion
added 2018/04/26 2:29 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...

3.5CVSS4.7AI score0.00653EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/04/26 2:29 p.m.23 views

CVE-2017-14740

Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...

4.8CVSS5.6AI score
Exploits0References1
NVD
NVD
added 2018/04/26 2:29 p.m.21 views

CVE-2017-14740

Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...

4.8CVSS4.7AI score0.00653EPSS
Exploits1References1
CVE
CVE
added 2018/04/26 2:0 p.m.51 views

CVE-2017-14740

GeniXCMS 1.1.0 is affected by an XSS vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu. The issue is documented across multiple sources (e.g., CVE-2017-14740 and related advisories) and is not described with a published ...

4.8CVSS4.6AI score0.00653EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder