Genixcms Security Vulnerabilities and Issues — Genixcms CVE List

Lucene search

GenixcmsGenixcms

4 matches found

CVE•added 2017/09/10 7:29 a.m.•52 views

CVE-2017-14231

GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin[removed] username versus the admin username, related to register.php, User.class.php, and Type.class.php.

5.3CVSS5.2AI score0.00608EPSS

CVE•added 2017/05/01 4:59 p.m.•39 views

CVE-2017-8376

GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.

5.4CVSS5.1AI score0.0032EPSS

CVE•added 2017/05/01 4:59 p.m.•34 views

CVE-2017-8388

GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.

5.3CVSS5.2AI score0.00429EPSS

CVE•added 2017/05/03 10:59 p.m.•32 views

CVE-2017-8762

GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.

5.4CVSS5.1AI score0.00315EPSS