CVE-2015-5066

GeniXCMS 0.0.3 - Cross-Site Scripting via Posts Page Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-5066. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This is a writeup detailing persistent and reflected XSS vulnerabilities in GeniXCMS v0.0.3. It describes how malicious scripts can be injected into the 'content', 'title', and 'q' parameters, executing in the context of the user's browser.

Description

Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.

Exploits (1)

exploitdb WRITEUP
by hyp3rlinx · text · webapps · php
https://www.exploit-db.com/exploits/37360

Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: GeniXCMS v0.0.3
Auth required
Prerequisites: Access to the GeniXCMS admin panel · Valid session token for authenticated XSS
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535806/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37360/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75398

Scores

EPSS 0.0376
EPSS Percentile 88.5%

Details

CWE: CWE-79
Status: published
Products (1): metalgenix/genixcms 0.0.3
Published: Jun 24, 2015
Tracked Since: Feb 18, 2026