Genixcms: >> Genixcms Security Vulnerabilities
GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-05-03
GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-05-01
GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-05-01
GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.
CVSS Score
5.3
EPSS Score
0.004
Published
2017-05-01
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
CVSS Score
7.2
EPSS Score
0.011
Published
2017-01-12
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
CVSS Score
7.3
EPSS Score
0.005
Published
2017-01-01
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
CVSS Score
7.5
EPSS Score
0.105
Published
2015-03-23
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter in the categories page to gxadmin/index.php or (2) page parameter to index.php.
CVSS Score
4.3
EPSS Score
0.14
Published
2015-03-23
Page 2