CVE-2015-5066

Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:metalgenix:genixcms:0.0.3:*:*:*:*:*:*:*

History

21 Nov 2024, 02:32

Type Values Removed Values Added
References () http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt - () http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt -
References () http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html - Exploit () http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html - Exploit
References () http://www.securityfocus.com/archive/1/535806/100/0/threaded - () http://www.securityfocus.com/archive/1/535806/100/0/threaded -
References () http://www.securityfocus.com/bid/75398 - () http://www.securityfocus.com/bid/75398 -
References () https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4 - () https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4 -
References () https://www.exploit-db.com/exploits/37360/ - () https://www.exploit-db.com/exploits/37360/ -

Information

Published : 2015-06-24 14:59

Updated : 2024-11-21 02:32


NVD link : CVE-2015-5066

Mitre link : CVE-2015-5066

CVE.ORG link : CVE-2015-5066


JSON object : View

Products Affected

metalgenix

  • genixcms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')