Published: 24/06/2015 Updated: 09/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote malicious users to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
metalgenix genixcms 0.0.3

# Exploit Title: Persistent XSS # Google Dork: intitle: Persistent XSS # Date: 2015-06-21 # Exploit Author: John Page ( hyp3rlinx ) # Website: hyp3rlinxaltervistaorg # Vendor Homepage: genixcmsorg # Software Link: genixcmsorg # Version: 003 # Tested on: windows 7 # Category: webapps Vendor: ============================================= ge ...

CWE-79 http://packetstormsecurity.com/files/132397/GeniXCMS-0.0.3-Cross-Site-Scripting.html http://hyp3rlinx.altervista.org/advisories/AS-GENIXCMS0621.txt http://www.securityfocus.com/bid/75398 https://www.exploit-db.com/exploits/37360/https://github.com/semplon/GeniXCMS/releases/tag/v0.0.4 http://www.securityfocus.com/archive/1/535806/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/37360/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-5066

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect