genix/cms is vulnerable to cross-site scripting. An attacker is able to inject a malicious script to “/gxadmin/index.php?page=themes&view;=options” via the intro_title and intro_image parameters, causing an execution of malicious script upon user’s visit.