Genix/cms

This hub aggregates every CVE we track for Genix/cms, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Genix/cms.

• CVE-2022-24563In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options" via the intro_title and intro_image parameters.5.4Mar 3, 2022
• CVE-2020-10057GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protecti...8.8Mar 4, 2020
• CVE-2018-14476GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.6.1Dec 31, 2019
• CVE-2017-14740Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.4.8Apr 26, 2018
• CVE-2017-17431GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765.6.1Dec 5, 2017
• CVE-2015-3933Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3-patch allow remote attackers to execute arbitrary SQL commands via the (1) email parameter or (2...9.8Nov 8, 2017
• CVE-2017-14763In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.8.8Sep 27, 2017
• CVE-2017-14762In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.6.1Sep 27, 2017
• CVE-2017-14765In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.6.1Sep 27, 2017
• CVE-2017-14761In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.6.1Sep 27, 2017
• CVE-2017-14764In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a module.8.8Sep 27, 2017
• CVE-2017-14231GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> us...5.3Sep 10, 2017
• CVE-2017-8827forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks ...9.1May 8, 2017
• CVE-2017-8780GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.4.8May 4, 2017
• CVE-2017-8762GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.5.4May 3, 2017