Description
Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
Exploits (1)
References (6)
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535806/100/0/threaded
Various Sources x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt
Exploit x_refsource_misc
http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html
Release Notes x_refsource_confirm
https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37360/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75398
Scores
EPSS: 0.0824
EPSS Percentile: 92.2%
Details
CWE: CWE-79
Status: published
Products (1): metalgenix/genixcms 0.0.3
Published: Jun 24, 2015
Tracked Since: Feb 18, 2026