314 matches found
CVE-2022-24563
In Genixcms v1.1.11, a stored Cross-Site Scripting XSS vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the introtitle and introimage parameters...
CVE-2022-24563
CVE-2022-24563 : Genixcms v1.1.11 contains a stored XSS vulnerability in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters. The issue is documented with a MEDIUM severity (CVSS v3.1 base score 5.4; CVSS v2.0 base score 3.5). The vulnerability enables scri...
Metalgenix GeniXCMS 跨站脚本漏洞
Metalgenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Metalgenix Indonesia. The system provides modules for user management, content management and menu management. A security vulnerability exists in Metalgenix GeniXCMS v1.1.11, which can be exploited by...
CVE-2020-10057
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...
CVE-2020-10057
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...
Improper access control
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...
CVE-2020-10057
GeniXCMS 1.1.7 is affected by a user privilege escalation due to broken access control. The issue stems from an incomplete fix for CVE-2015-2680, where a CSRF token was used without validating that the token is tied to an administrative user. No patch/version remediation details are provided in t...
CVE-2020-10057
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user...
CVE-2018-14476
GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...
CVE-2018-14476
GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...
Design/Logic Flaw
GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...
CVE-2018-14476
GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation...
CVE-2018-14476
CVE-2018-14476 affects GeniXCMS 1.1.5 and is a cross-site scripting vulnerability exploitable via the installation step 1 parameters. The root cause is reflected in the documentation as XSS through the dbuser or dbhost fields submitted during step 1 of installation, allowing arbitrary web script ...
GeniXCMS 1.1.5 Cross-Site Scripting Attack Vulnerability
MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in MetalGenix GeniXCMS version 1.1.5. A remote attacker can...
GeniXCMS 1.1.5 Cross Site Scripting
Multiple Cross-site Scripting Vulnerabilities in GeniXCMS 1.1.5 Information -------------------- Advisory by Netsparker Name: Cross-site Scripting Vulnerabilities in GeniXCMS Affected Software: GeniXCMS Affected Versions: 1.1.5 Homepage: https://github.com/semplon/GeniXCMS Vulnerability: Cross-si...
GeniXCMS Cross-Site Scripting Vulnerability (CNVD-2018-08912)
MetalGenix GeniXCMS is a PHP-based content management system and framework CMSF from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A cross-site scripting vulnerability exists in MetalGenix GeniXCMS version 1.1.0. A remote attacker can...
Cross site scripting
Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...
CVE-2017-14740
Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...
CVE-2017-14740
Cross-site scripting XSS vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu...
CVE-2017-14740
GeniXCMS 1.1.0 is affected by an XSS vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu. The issue is documented across multiple sources (e.g., CVE-2017-14740 and related advisories) and is not described with a published ...